- Last.fm - presumably up to 17 million lost hashes - Algorithm used: MD5 - Not salted
- eHarmony - 1.5 million hashes - MD5 - Not salted - All passwords upper-case
- LinkedIn - 6.5 million hashes - SHA1 - Not salted
What is quite amazing to me is that the basic measures that would prevent the cracking of the hashes, such as better hash algorithms, salting and re-hashing, are not rocket science. There is even a very nice library [4] out there that does it for you, and it even hooks into e.g. Spring Security [5], so not even Java coding is necessary.
I just wonder how the hackers got access to the hashes in the first place... I could not find any information on that yet. Maybe another juicy story...