Some 17,000 culture vultures registered to the UK's National Theatre website need to reset their passwords after the site was hacked. The 20 February attack hit systems storing the logins of 17,000 (or around three per cent) of the 500,000 plus registered with the site. Only email, password, name and contact information was …
Don't tell me they were storing people's passwords in plain text!? I seriously don't understand how such large companies can go on doing that.
It also illustrates the folly of not salting and hashing passwords (with something slower than MD5, preferably): the implication of both the registration page here - https://www.nationaltheatre.org.uk/register - and their announcement is that they store passwords as plain text. Of course an IT-literate site like El Reg wouldn't be so fuckwitted as to do this, would it?
Oh, it does.
Maybe they just weren't hashed enough. Or even if they were.
If my password was set to "carnegie" then that's one of the first things they'll try. Along with "national theatre" and "nt". Maybe dictionary attack was how it was done, and using the names of anyone who mentioned the National Theatre online.
How many times
How many times do hacks have to reveal passwords before people will start HASHING passwords? (let alone salting)
It's not new tech - the concept has been around for decades. It's just laziness or incompetence.
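An added illustration, not part of the thread and not code from the National Theatre or The Register: what the salting and slow hashing called for in the comments above change about a stored password table. PBKDF2-HMAC-SHA256, the iteration count, the record format and the sample accounts are assumptions made for this example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def md5_unsalted(password: str) -> str:
    """The weak scheme the comments warn about: fast and unsalted."""
    return hashlib.md5(password.encode("utf-8"), usedforsecurity=False).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, slow hash. Salt and work factor are stored beside the digest."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed

def shared_digests(records: dict) -> list:
    """Return groups of users whose stored values are byte-for-byte identical."""
    groups = defaultdict(list)
    for user, stored in records.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; two users picked the same password.
SAMPLE = {"alice": "carnegie", "bob": "carnegie", "carol": "x7!Lq-92pd"}

def demo(iterations: int = 1_000) -> tuple:
    """Low iteration count here only keeps the demo fast."""
    weak = {u: md5_unsalted(p) for u, p in SAMPLE.items()}
    strong = {u: hash_password(p, iterations) for u, p in SAMPLE.items()}
    return shared_digests(weak), shared_digests(strong)

if __name__ == "__main__":
    print(demo())
```

With unsalted MD5 the two accounts sharing a password collapse to one digest, so a single guess covers both; with a per-user salt every record is distinct and each guess costs the full work factor per account.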
Personally, I think you let them off pretty lightly.
GROSS Incompetence at the NT
I was a member of the public that received the email saying my personal 'contact details' may have been accessed by a hacker. The head of IT at the NT could not even tell me what 'contact details' included until I sent him an email to enquire. Instead of coming clean and telling us our HOME ADDRESS AND POST CODE was at risk he decided to come out with an idiot ambiguous statement. Many people fall victim to identity theft from situations like this and the head of IT at the NT doesn't seem to think we should know the severity of the issue.