Friday, June 17, 2016

45 million records hacked - VerticalScore is now in the competition for the Leaked Data Score

Data breaches are not surprising us anymore. After major data leaks on highly popular social network sites; MySpace, LinkedIn and Tumblr,  here we go again.

VerticalScore's network got hacked and 45 million data records were stolen.

As analyzed by LeakedSource, leaked data from VerticalScore, contained in some cases even two passwords and the records were not stored in clear text.

Securing all data and than storing it in an easy-to-crack way is like closing the front door of the house while leaving the back door wide open.

However, VerticalScore is not the only problem here. Over the past several months,we've seen and some of you have unfortunately even experienced major data breaches that impacted millions of users and companies.

The question that pop ups here is: How were the passwords stored and was it secure enough?

Modern (bcrypt) vs traditional MD5 hashes

Naked Security tried to explain the VerticalScore huge data breach by comparing two different password hashing methods.

Bcrypt hashes are several orders of magnitude stronger than traditional MD5-based hashes. This proves the situation with Ashley Madison leaked data were some of them were stored using the bcrypt method and others just like VerticalScore using traditional MD5 hashes.

In the case of the bcrypt hashes, for the researches it took 7 days to crack 4,000 of the weakest. In other case, with the MD5 hashes it took 10 days to crack 11 million.

Stronger security

It is the responsibility of the companies to provide the best possible layers of security, so data breaches don't happen in such a large scale. They could start with deep understanding of the protection of user passwords using modern and advanced hashing algorithms.

Users, on the other hand, should not play with 123456 or 111111 passwords.

Stay safe.

No comments:

Post a Comment