Discussion in 'Social Networking Sites' started by lancis, Jun 6, 2012.
Time to change your password... I've already changed mine.
Damn, someone can make a lot of dough with that kind of data.
I'm thinking about my websites' security... LOL
Yep, that's pretty much priceless data. Not your average Joe, mostly business people.
This is lame. Gotta change my password quickly now.
This is the list as posted by the above-mentioned hacker:
It's encoded using SHA-1, so if you want to check whether your password was stolen, use PHP to encode your password and search for the resulting string. Obviously, don't use online SHA-1 services; most of them are there to help you donate your own password to the community.
Wow that's insane! Wonder how he pulled that one off.
My admiration to the hacker. As far as I understand (I haven't downloaded the zip archive yet), only the password hashes are leaked, with no associated email.
It is possible to crack the passwords; however, a simple password with 8 symbols, containing only a-z and 0-9, will result in 2,821,109,907,456 combinations.
I think this information is useless.
As I understood, the hashes are unsalted; theoretically that means that an average server can crack up to 6 passwords/day using, for example, HashCat. It might take a long time to crack 'em all, but it seems the passwords are not the only problem; the rest of the database has been leaked as well.
What about pre-generating encrypted characters?
Like, if you encrypt a character, it will give a string (that string always remains the same for that character).
Do it on many servers, for all possible characters & combinations -> that way you obtain all sorts of hashes of different encryption types.
And then you can just do a SELECT from database WHERE @ = hash
to match & get result
Yeah, this is probably the first thing they're going to do. There are a lot of hash databases; some of them can be found online. I remember using one when I tried to match a hash. It didn't help me, but with 6.5 million strings someone is likely to get lucky.
Using external hash databases will speed the process eventually.
I was just curious what I can do on my machine (Q9550). I was able to check 250k hashes per second, so it will take me around 5 months to crack all 8-symbol passwords.
Pretty bad stuff, I had an account there
Time for me too, to change the password
I never understood why large companies don't salt their hashes...
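Added example, not part of the thread: a Python sketch of why the unsalted SHA-1 storage discussed above falls to the precomputed lookup tables proposed earlier, next to a salted, slow-KDF form that does not. The account names, passwords, candidate list, helper names and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

def unsalted_sha1(password: str) -> str:
    """Storage scheme described in the thread: plain SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def build_lookup_table(candidates):
    """Precompute hash -> password once; reusable against any unsalted dump."""
    return {unsalted_sha1(p): p for p in candidates}

def hash_salted(password: str, salt: bytes = None, iterations: int = 200_000):
    """Hardened form: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    _, _, digest = hash_salted(password, salt, iterations)
    return hmac.compare_digest(digest, expected)

def table_hits(table, stored_hex_values):
    """Count stored values that a precomputed table resolves directly."""
    return sum(1 for h in stored_hex_values if h in table)

# Constructed sample data: three accounts, two sharing one password.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "x9#Lq!72vT"}
CANDIDATES = ["password", "sunshine1", "letmein", "qwerty12"]

def demo():
    table = build_lookup_table(CANDIDATES)
    unsalted = {u: unsalted_sha1(p) for u, p in ACCOUNTS.items()}
    salted = {u: hash_salted(p) for u, p in ACCOUNTS.items()}
    return {
        "unsalted_equal_for_same_password": unsalted["alice"] == unsalted["bob"],
        "unsalted_table_hits": table_hits(table, unsalted.values()),
        "salted_equal_for_same_password": salted["alice"][2] == salted["bob"][2],
        "salted_table_hits": table_hits(table, (r[2].hex() for r in salted.values())),
        "salted_verify_ok": verify_salted("sunshine1", salted["alice"]),
        "salted_verify_wrong": verify_salted("sunshine2", salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a per-user salt, a table has to be rebuilt for every account, and the iteration count makes each guess far more expensive than a single SHA-1 call.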
I have an account on there. I changed mine this morning when I saw it on the news.
Wow - luckily I don't have an account with them
From those I know almost everyone has an account there: hi tech people, lawyers, investors, you name it..
Maybe they should hire competent people and stop trying to import more cheap overseas labor.