Feeds

back to article National Theatre hack forces password reset

Some 17,000 culture vultures registered to the UK's National Theatre website need to reset their passwords after the site was hacked. The 20 February attack hit systems storing the logins of 17,000 (or around three per cent) of the 500,000 plus registered with the site. Only email, password, name and contact information was …

COMMENTS

This topic is closed for new posts.
Gates Horns

plain text?

Don't tell me they were storing people's passwords in plain text!? I seriously don't understand how such large companies can go on doing that.

2
0
Dead Vulture

Folly?

It also illustrates the folly of not salting and hashing passwords (with something slower than MD5, preferably): the implication of both the registration page here - https://www.nationaltheatre.org.uk/register - and their announcement is that they store passwords as plain text. Of course an IT-literate site like El Reg wouldn't be so fuckwitted as to do this, would it?

Oh, it does.

0
0
Bronze badge

Maybe they just weren't hashed enough. Or even if they were.

If my password was set to "carnegie" then that's one of the first things they'll try. Along with "national theatre" and "nt". Maybe dictionary attack was how it was done, and using the names of anyone who mentioned the National Theatre online.

0
0
FAIL

How many times

How many times do hacks have to reveal passwords before people will start HASHING passwords? (let alone salting)

It's not new tech - the concept has been around for decades. It's just laziness or incompetence.

Personally, I think you let them off pretty lightly.

1
0
Megaphone

GROSS Incompetence at the NT

I was a member of the public that received the email saying my personal 'contact details' may have been access by a hacker. The head of IT at the NT could not even tell me what 'contact details' included until I sent him an email to enquire. Instead of coming clean and telling us our HOME ADDRESS AND POST CODE was at risk he decided to come out with an idiot ambiguous statement. Many people fall victim to identify theft from situations like this and the head of IT at the NT doesn't seem to think we should know the severity of the issue.

0
0
This topic is closed for new posts.