Emerald Business Systems Blog


RockYou Hacker: 30% of Sites Store Plain Text Passwords

Posted in Online Business, PCI, Security by ebs4pos on December 16, 2009

In a chat today lasting over an hour, we got to talk to a person claiming to be the infamous hacker behind RockYou’s latest data security woes.

While he claimed to have no animosity toward users, he had one clear message for websites: Take better care of your customers’ data. RockYou isn’t the only hacked site storing plain text login information, either.

What Happened

To bring us all up to date, here’s the gist of the story so far: The hacker, who we’ll call Tom (not his real name) for brevity’s sake, tells us that he used an SQL injection to gain direct access to RockYou’s database, where he found login information for more than 32 million user accounts. The data was all in plain text and contained third-party site logins, as well.

Tom sat on this information for a while. Although he’s posted about similar hacks in the past, he also claims to have exposed the same vulnerabilities and gained access to the same kind of data for many major U.S. sites. Tom wouldn’t reveal which sites he’d hacked, but he did say that he has no intention of using or publishing the data he’s unearthed.

But yesterday, incensed by this warning from an Internet security company and RockYou’s claims that only some accounts had been compromised by the security breach, Tom posted about the hack on his blog.

We (along with several of our peers) were tipped off to the situation via Twitter, and TechCrunch has since written two posts about the data breach.

via RockYou Hacker: 30% of Sites Store Plain Text Passwords.
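The excerpt above describes two separate failures that compounded each other: an SQL injection that gave an attacker direct access to the database, and passwords that were readable as soon as he was in because they were stored in plain text. The Python example below is added here for illustration; it is not code from the original post, from Mashable, or from RockYou. It uses an in-memory SQLite database with constructed sample accounts, and the table names, the injection payload and the PBKDF2 work factor are assumptions. It puts the string-concatenated login query beside its parameterized form, and a plaintext password table beside one holding per-user salted PBKDF2 hashes, so that the same table dump which hands over every password from the first yields none from the second.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts for the demonstration; not data from any real breach.
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]
PBKDF2_ITERATIONS = 100_000  # assumed work factor; raise it as far as your login latency allows


def register_hashed(conn, username, password):
    """Store a random per-user salt and a PBKDF2-HMAC-SHA256 hash, never the password itself."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    conn.execute("INSERT INTO users_hashed VALUES (?, ?, ?)", (username, salt, pw_hash))


def make_db():
    """In-memory database with one plaintext table and one hashed table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_plain (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("CREATE TABLE users_hashed (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for user, pw in SAMPLE_USERS:
        conn.execute("INSERT INTO users_plain VALUES (?, ?)", (user, pw))
        register_hashed(conn, user, pw)
    return conn


def login_vulnerable(conn, username, password):
    """Weak pattern: user input is spliced into the SQL text, so input can become SQL."""
    sql = ("SELECT username, password FROM users_plain "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Hardened pattern: placeholders keep the input as data; the query shape cannot change."""
    sql = "SELECT username, password FROM users_plain WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def verify_hashed(conn, username, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    row = conn.execute("SELECT salt, pw_hash FROM users_hashed WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def injection_demo():
    """Row counts for the same tautology payload sent through both login paths."""
    conn = make_db()
    payload = "x' OR '1'='1' -- "  # closes the quote, adds a tautology, comments out the rest
    vulnerable_rows = login_vulnerable(conn, payload, "anything")
    safe_rows = login_parameterized(conn, payload, "anything")
    return len(vulnerable_rows), len(safe_rows)


def dump_demo():
    """Simulates the attacker's post-injection dump of each table and asks what it reveals."""
    conn = make_db()
    plain_dump = conn.execute("SELECT username, password FROM users_plain").fetchall()
    hashed_dump = conn.execute("SELECT username, salt, pw_hash FROM users_hashed").fetchall()
    plain_leaks = any(pw in [r[1] for r in plain_dump] for _, pw in SAMPLE_USERS)
    hashed_leaks = any(pw.encode() in (r[1] + r[2])
                       for r in hashed_dump for _, pw in SAMPLE_USERS)
    return plain_leaks, hashed_leaks


if __name__ == "__main__":
    print("rows returned (vulnerable, parameterized):", injection_demo())
    print("dump reveals passwords (plaintext table, hashed table):", dump_demo())
    conn = make_db()
    print("verify correct password:", verify_hashed(conn, "alice", "correct horse"))
    print("verify wrong password:", verify_hashed(conn, "alice", "hunter2"))
```

The two fixes are independent and both are needed: parameterized queries close the injection path, but a plaintext table is still one backup, one misconfigured admin interface, or one insider away from the outcome the excerpt describes, while salted hashing limits what any dump is worth. Where the platform offers a dedicated password hash (bcrypt, scrypt, Argon2), prefer it over PBKDF2; the structure of the code stays the same.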
