A hack against online dating site Cupid Media that led to the exposure of the personal details and plain text passwords of 42 million consumers appears to have been pulled off by the same group of hackers who pulled off an even bigger pwnage against Adobe. Names, email addresses, unencrypted passwords and birthdays from the …
How can it be 42 million dateless Aussies when the total population is only 20 odd million?
All those lonely sheep in the Outback?
Maybe it's the sheep that realised their prospects in the outback were limited and moved to the city?
I think they forgot to exclude the 41.5 million spambot accounts, which probably also accounts for the mass poor passwords.
Think that is more likely to be 1.5m spam-bot accounts, and 40m "staff profiles, purely for testing purposes"
Because Cupid is full of fake profiles, even if their auditors can't find them.
Sorry to burst the bubble of humour, but a quick online check says:
"Cupid Media is a niche online dating network with over 30 million people internationally"
OK, so in one they say 30, and another they say 42. Critically it's the "INTERNATIONAL" part that makes the difference.
Yes, so we make that 41.5 million INTERNATIONAL spambot accounts.
Well Spotted. INTERNATIONAL, eh? So those numbers include Tasmania as well then.
Not just the users at fault
"Facebook won plaudits from security watchers for its actions but the schemes like this can only mitigate against the problem without dealing with its root causes, lamentably awful password security practices by many netizens."
Isn't another of the root causes that there are still organisations out there which were still, in 2013 and after all the other high profile data losses, allowing trivial passwords and storing them unencrypted as if salting and hashing were esoteric novelties? Arguably they were even more culpable than their poor dumb users since you'd expect whoever they got to build their site to be professionals who were aware of the risks and actually had a clue.
So, this basically says that Facebook can reverse your password? My understanding was that for 'good security', and Zuckerberg being the "elite hacker-type" the media portrays him as we shouldn't have anything less, the password hashing / salting should not be reversible.
I like how the spell-checker in Firefox suggests 'Cocksucker' as a correction for 'Zuckerberg'. Unhappy former employee, perhaps?
No reversal needed
They have a plain text dump. They can take these passwords, hash them with the same salt as the FB password, and see if they get the same hash as is stored in the database. You know, like what happens whenever you log in.
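The check described in the comment above, as an added example that is not part of the original thread and not Facebook's actual code: each leaked plaintext password is re-hashed with the salt stored for the matching account and compared against the stored hash, so nothing is ever reversed. The PBKDF2 scheme, the function names and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow, one-way hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(store: dict, email: str, password: str) -> None:
    """Store only (salt, hash); the plaintext is never kept."""
    salt = os.urandom(16)
    store[email.lower()] = (salt, hash_password(password, salt))


def verify(store: dict, email: str, candidate: str) -> bool:
    """Login-style check: re-hash the candidate with the stored salt."""
    record = store.get(email.lower())
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(candidate, salt))


def find_reused(store: dict, leaked: list) -> list:
    """Return accounts whose current password equals the leaked one."""
    return sorted({email.lower() for email, pw in leaked if verify(store, email, pw)})


# Constructed sample data: a local user store and a third-party plaintext dump.
USERS = {}
enroll(USERS, "alice@example.com", "123456")
enroll(USERS, "bob@example.com", "correct horse battery staple")
enroll(USERS, "carol@example.com", "iloveyou")

LEAKED_DUMP = [
    ("alice@example.com", "123456"),    # same password on both sites
    ("Bob@example.com", "password"),    # different password here
    ("carol@example.com", "ILOVEYOU"),  # case differs, so no match
    ("dave@example.com", "123456"),     # no account on this site
]

if __name__ == "__main__":
    for email in find_reused(USERS, LEAKED_DUMP):
        print("force reset:", email)
```

Only the account that reuses the leaked password is flagged; the stored records contain a random salt and a hash, never the password itself.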
"the leaked data appears to be genuine"
Unlike 80% of the profiles on the site.
Re: "the leaked data appears to be genuine"
I was wondering how many of the accounts were either fraudsters or prostitutes...
Although now we have a list of email addresses and a general gauge of how computer savvy they are, so now we'll be seeing fraud on the rise (mostly the classics: soldier in Middle East needs money to call home, 'hot woman' trapped in foreign country, green-carder, etc)