Thursday, 2 May 2013
Hackers accessed personal data of Reputation.com users
Reputation.com, an online reputation management website, lost its own reputation when a hacker invaded its website and accessed users' personal data.
Reputation.com sent an email to customers on Tuesday disclosing the security breach. The company said in the email that intruders had accessed personal information including names, email addresses, physical addresses, phone numbers, dates of birth and occupational information.
On top of that, the hackers accessed the encrypted passwords of a small number of users. Reputation.com claimed that the passwords are highly encrypted (Hash+Salt) and "it was highly unlikely that these passwords could ever be decrypted".
One EHN user commented on the issue: "You fail at cryptology. The salt is stored with the hash. It doesn't add any strength to the individual hash's resistance to brute-force attacking, it only strengthens hashes from being attacked by pre-built rainbow tables. Even if you used bcrypt with a cost of 16 and 128-bit /dev/random salts, all an attacker has to do is iterate the 10,000 most common passwords and they'll hit 98% of internet users."
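The commenter's distinction between salting and password strength, as an added example (not code from the original post or from Reputation.com): a defender's audit of a salted hash store, plus a signup check that refuses listed passwords. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the unspecified "Hash+Salt" scheme, and the accounts, wordlist, iteration count and 12-character minimum are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 2_000  # assumption: kept low so the demo runs fast, not a recommended cost
# Constructed stand-in for a "most common passwords" list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "iloveyou"]


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random 128-bit salt is stored beside the hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def audit_store(store, wordlist):
    """Flag accounts whose stored hash matches any word on the list.

    The salt sits next to each hash, so it only forces one KDF call per
    (account, word) pair; it does not make a weak password strong.
    """
    flagged = []
    for user, (salt, digest) in store.items():
        for word in wordlist:
            _, candidate = hash_password(word, salt)
            if hmac.compare_digest(candidate, digest):
                flagged.append(user)
                break
    return sorted(flagged)


def acceptable_at_signup(password, wordlist):
    """Mitigation: refuse listed or short passwords (assumed 12-char minimum)."""
    return len(password) >= 12 and password.lower() not in wordlist


# Constructed sample accounts: two share a common password, one does not.
STORE = {
    "alice": hash_password("password"),
    "bob": hash_password("password"),
    "carol": hash_password("t7#Vq9!mLx2@pRz"),
}

if __name__ == "__main__":
    print("same password, different digests:", STORE["alice"][1] != STORE["bob"][1])
    print("accounts to force-reset:", audit_store(STORE, COMMON_PASSWORDS))
    print("'password' allowed at signup:", acceptable_at_signup("password", COMMON_PASSWORDS))
```

The two accounts sharing a password get different digests, which is what defeats pre-built tables, yet both are still flagged by the audit; only the account with an unlisted password is protected by the hashing.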