RockYou are still storing passwords in the clear, and transporting user passwords in the clear via email. The platform actually encouraged simple passwords by not allowing any punctuation at all.
#Facebook password hacker password#
RockYou account creation only enforced password of a minimal length of 5 characters, there was no requirement for mixed-case, numbers or punctuation. It is more of a surprise that this had not happen sooner – as the RockYou platform is a swiss cheese of security vulnerabilities and poor practices. The method of vulnerability is extremely basic in execution, yet catastrophic in impact – which RockYou, and the sites users, are now learning the hard way. This includes social networks such as MySpace but also webmail accounts.ĭata UserAccount initial exploit took advantage of a trivial SQL injection vulnerability, a technique that has been well documented for over a decade. The database consists of a table containing partner data, and another table that has stored the credentials for those partner sites that users have entered. This matter now appears worse than originally suspected as the dataset also contains a table where RockYou have stored user credentials for social networks and other partner sites. The hacker responsible for the initial breach published a small portion of the dataset he had retrieved and was able to show that not only did he have access to their entire database, but also passwords were stored in the clear. The first issue is that RockYou attempted to downplay the entire incident, first by covering it up by not notifying users and then downplaying it in an official statement as being an issue that only affected ‘older’ applications. RockYou have yet to inform users of the breach, and their blog is eerily silent – but the details of the security breach are going from bad to worse. To compound the severity of the security breach, it was found that RockYou are storing all user account data in plain text in their database, exposing all that information to attackers. Earlier today news spread that social application site RockYou had suffered a data breached that resulted in the exposure of over 32 Million user accounts.
0 kommentar(er)
