Major organizations still leave users’ passwords vulnerable
Password vulnerabilities ought to be a rarity. Well-known and easily followed techniques exist for generating, using and storing passwords that should keep both individuals and organizations safe. Yet in 2012 we saw one massive password breach after another, at a slew of high-profile organizations.
- Russian cybercriminals posted nearly 6.5 million encrypted (or hashed) LinkedIn passwords on the Internet. Teams of hackers rapidly went to work attacking those passwords, and cracked more than 60% within days. That task was made simpler by the fact that LinkedIn hadn’t “salted” its passwords with random data before hashing them.
- Dating website eHarmony quickly reported that some 1.5 million of its own passwords were uploaded to the web following the same attack that hit LinkedIn.
- Formspring discovered that the passwords of 420,000 of its users had been compromised and posted online, and instructed all 28 million of the site’s members to change their passwords as a precaution.
- Yahoo Voices admitted that nearly 500,000 of its own emails and passwords had been stolen.
- Multinational technology firm Philips was attacked by the r00tbeer gang. The gang walked away with thousands of names, telephone numbers, addresses and unencrypted passwords.
- IEEE, the world’s largest professional association for the advancement of technology, left a log file of nearly 400 million web requests in a world-readable directory. Those requests included the usernames and plaintext passwords of nearly 100,000 unique users.
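
Why the missing salt mattered in the LinkedIn case, as an added example that is not from the original report: without a salt, equal passwords store as equal digests, so one table computed from a wordlist matches every account at once. The account names, passwords, wordlist and the choice of SHA-256 and PBKDF2 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts, not real data; two users share a password.
USERS = {"alice": "password1", "bob": "password1", "carol": "Tr0ub4dor&3"}

def fast_hash(password, salt=b""):
    # SHA-256 is a stand-in fast hash; the page does not name the algorithm.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def store_unsalted(users):
    return {user: fast_hash(pw) for user, pw in users.items()}

def store_salted(users):
    # One random 16-byte salt per account, stored beside the digest.
    records = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        records[user] = (salt, fast_hash(pw, salt))
    return records

def exposed_by_one_table(digests, wordlist):
    """Accounts whose digest appears in a table computed once from a wordlist."""
    table = {fast_hash(word) for word in wordlist}
    return sorted(user for user, digest in digests.items() if digest in table)

def hash_password(password, iterations=200_000):
    """Salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256, illustrative cost)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, record):
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    words = ["123456", "password1"]  # constructed wordlist
    unsalted = store_unsalted(USERS)
    salted = {u: d for u, (_, d) in store_salted(USERS).items()}
    print("unsalted, exposed by one table:", exposed_by_one_table(unsalted, words))
    print("salted, exposed by one table:  ", exposed_by_one_table(salted, words))
    print("verify:", verify_password("password1", hash_password("password1")))
```

The salt only removes the shared-table shortcut; the slow key-derivation function in `hash_password` is what raises the cost of each individual guess.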