The military dating website MilitarySingles.com recently suffered a large-scale
data breach that exposed the personal information for more than 170,000 of its members.
The attack exposed the sites' cache of usernames, email addresses, passwords and even IP addresses, which were then posted on the file sharing site PasteBin by a group calling itself "LulzSec Reborn," according to analysis of the March breach by the security firm
Imperva. Many of the passwords exposed were extremely common and easy to guess, including "password," "123456," and "iloveyou."
The passwords were encrypted, though weakly, with the well-known MD5 hash, the report said. In all, it likely took the hackers less than nine hours to decode the tens of thousands of passwords. For this reason, Imperva notes the importance for companies to do far more to encrypt user passwords properly so that they cannot cracked so easily.
Ondrej Krehel, the chief information security officer for
Identity Theft 911, writes a blog about the ways hackers can cause
data breaches, and the identity theft concerns that can spring up as a result of these incidents.
© 2003-2012 IDentity Theft 911, LLC. All Rights Reserved