posted by CoolHand on Monday October 22 2018, @04:45PM
from the nothing-is-safe-online dept.

Submitted via IRC for Fnord666

Hack on 8 adult websites exposes oodles of intimate user data

A recent hack of eight poorly secured adult websites has exposed megabytes of personal data that could be damaging to the people who shared pictures and other highly intimate information on the online message boards. Included in the leaked file are (1) IP addresses that connected to the sites, (2) user passwords protected by a four-decade-old cryptographic scheme, (3) names, and (4) 1.2 million unique email addresses, although it's not clear how many of the addresses legitimately belonged to actual users.

[...] Besides wifelovers.com, the other affected sites are: asiansex4u.com, bbwsex4u.com, indiansex4u.com, nudeafrica.com, nudelatins.com, nudemen.com, and wifeposter.com. The sites offer a variety of pictures that members say show their spouses. It's not clear that all of the affected spouses gave their consent to have their intimate images made available online.

[...] In many respects, the most recent breach is more limited than the hack of Ashley Madison. Whereas the 100GB of data exposed by the Ashley Madison hack included users' street addresses, partial payment-card numbers, phone numbers, and records of almost 10 million transactions, the newer hack doesn't involve any of those details. And even if all 1.2 million unique email addresses turn out to belong to real users, that's still considerably fewer than the 36 million dumped by Ashley Madison.

[...] Still, a quick examination of the exposed database demonstrated to me the potential damage it could inflict. Users who posted to the site were allowed to publicly link their accounts to one email address while associating a different, private email address to their accounts. A Web search of some of these private email addresses quickly returned accounts on Instagram, Amazon, and other big sites that gave the users' first and last names, geographic location, and information about hobbies, family members, and other personal details. The name one user gave wasn't his real name, but it did match usernames he used publicly on a half-dozen other sites.

[...] Also concerning is the exposed password data, which is protected by a hashing algorithm so weak and obsolete that it took password cracking expert Jens Steube just seven minutes to recognize the hashing scheme and decipher a given hash.

[...] Known as Descrypt, the hash function was created in 1979 and is based on the old Data Encryption Standard. Descrypt provided improvements designed at the time to make hashes less susceptible to cracking. For instance, it added cryptographic salt to prevent identical plaintext inputs from having the same hash. It also subjected plaintext inputs to multiple iterations to increase the time and computation required to crack the outputted hashes. But by 2018 standards, Descrypt is woefully inadequate. It provides just 12 bits of salt, uses only the first eight characters of a chosen password, and suffers other more-nuanced limitations.

"The algorithm is quite literally ancient by modern standards, designed 40 years ago, and fully deprecated 20 years ago," Jeremi M. Gosney, a password security expert and CEO of password-cracking firm Terahash, told Ars. "It is salted, but the salt space is very small, so there will be thousands of hashes that share the same salt, which means you're not getting the full benefit from salting."

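The Descrypt limits described above (12-bit salt, eight-character input) can be checked from the defender's side by auditing a credential store for the legacy format. The following is an added example, not code from the article or the affected sites; the function names and the sample records are constructed for illustration.

```python
import re
from collections import Counter

# Traditional DES crypt(3) output is 13 characters: a 2-character salt followed
# by 11 hash characters, all from the 64-symbol alphabet ./0-9A-Za-z.
DESCRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")
SALT_SPACE = 64 ** 2   # 2 salt chars x 6 bits = 12 bits -> 4096 possible salts
KEY_BITS = 8 * 7       # 8 password chars x 7 bits -> 56-bit DES key

def is_descrypt(stored):
    """Heuristic format match; any 13-char string in this alphabet also matches."""
    return DESCRYPT_RE.fullmatch(stored) is not None

def audit(records):
    """records: iterable of (username, stored_hash) pairs. Returns a summary."""
    legacy = [(user, h) for user, h in records if is_descrypt(h)]
    salts = Counter(h[:2] for _, h in legacy)
    hashes = Counter(h for _, h in legacy)
    return {
        # Accounts to move to a modern password hash at next login.
        "legacy_users": sorted(user for user, _ in legacy),
        # Salts used by more than one account: salting gives these no separation.
        "shared_salts": {s: n for s, n in salts.items() if n > 1},
        # Same salt and same hash: same first eight password characters.
        "identical_hashes": {h: n for h, n in hashes.items() if n > 1},
    }

def min_salt_reuse(n_hashes):
    """Pigeonhole bound: the busiest salt covers at least this many hashes."""
    return -(-n_hashes // SALT_SPACE)

# Constructed sample rows; the strings are format placeholders, not real hashes.
SAMPLE = [
    ("alice", "ab0123456789A"),
    ("bob", "abZ/yQ.1kLm2N"),
    ("carol", "Kq9.rT5uVw3xY"),
    ("dave", "ab0123456789A"),
    ("erin", "$2b$12$" + "C" * 53),   # bcrypt-shaped placeholder, not flagged
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print("minimum accounts on the busiest salt for 10,000 hashes:",
          min_salt_reuse(10_000))
```
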

  • (Score: 4, Funny) by DannyB on Monday October 22 2018, @05:39PM (8 children)


    If they are not paying to view it, then they are anti capitalist. You get what you pay for, so free stuff online cannot possibly match the quality of commercial material. Just ask Steve Ballmer about open source. Or ask the MPAA / RIAA about Creative Commons.

    Paying for it should be required. Legislators would do good to remember that when criminalizing prostitution. Paid must be better than for free at home.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 4, Funny) by ikanreed on Monday October 22 2018, @05:47PM (7 children)


    Trying to pin this post on the spectrum from "sincere political opinion expressed with seething anger" to "ironic humorous character designed to represent a horny crazy person" is impossible. No one could ever do it.

    • (Score: 3, Informative) by DannyB on Monday October 22 2018, @05:55PM (6 children)


      It seems rather limiting to assume that the post is the result of only one single type of insanity.

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 2) by ikanreed on Monday October 22 2018, @06:15PM (5 children)


        Honestly, I have no qualms with sincere political opinions expressed with seething anger. It'd be a bit hypocritical if I did.

        • (Score: 2) by DannyB on Monday October 22 2018, @06:28PM (4 children)


          Political or social opinions can be expressed in a dark cynical way. Political views, or laws, can be stated in a self-contradicting or oxymoronic way.

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
          • (Score: 2) by ikanreed on Monday October 22 2018, @06:44PM (3 children)


            That's all true, but I do aspire to minimize my hypocrisy where possible.

            • (Score: 2) by DannyB on Monday October 22 2018, @07:40PM (2 children)


              I am curious as to what you mean.

              --
              People today are educated enough to repeat what they are taught but not to question what they are taught.
              • (Score: 2) by ikanreed on Monday October 22 2018, @08:05PM (1 child)


                I don't want to allow the fact that hypocrisy in political opinions is normal drive me to be hypocritical.

                • (Score: 2) by DannyB on Monday October 22 2018, @08:41PM


                  I might call it sarcasm. Or Poe's law. Or something.

                  My original post about not paying for it is intended to be funny and not really a political statement primarily. A joke in response to the joke of people being gullible enough to pay for porn.

                  Mashing up the "open source bad because it's free" meme with "legalizing prostitution" has a political element. It's still primarily intended to be funny rather than start a political discussion.

                  If you want to see political hypocrisy, see this [soylentnews.org] which I wrote. Clearly (at least I hope clearly) I do not believe in the idea I am proposing.

                  --
                  People today are educated enough to repeat what they are taught but not to question what they are taught.