Information on 3.3 million Hello Kitty fans leaked in data breach, including unsalted SHA-1 "encrypt
6 replies, posted
[url]http://www.neowin.net/news/information-on-33-million-hello-kitty-fans-leaked-in-data-breach[/url]
[quote=Neowin]Over the course of this year, data privacy has become even more a growing concern with quite a lot of high profile hacks occurring. You might remember Ashley Madison, a dating site for married people, where 32 million accounts were leaked, or perhaps T-Mobile where the information of 15 million customers got stolen. Today, yet another website was added to the list of victims, as the database of Sanriotown was breached and leaked online.
While the name 'Sanriotown' might not ring a bell for most of us, it might say more for children, as Sanrio is the Japanese company behind figures like Hello Kitty. The Sanriotown website is its official community website, which shares its database with other websites like hellokitty.com and several other localized versions of this website. Because of this, it's likely that most of the victims of the hack are children.
...
While the passwords were encrypted in the database, the (SHA-1) algorithm used is outdated, and since no salts were used, these passwords are easily hacked.[/quote]
I seriously wonder how mistakes such as not salting are made, it seems like it'd be one of the first things you'd be taught when it comes to security
I'd like to think that the people that did this were just hoping to glean the parents' payment information and will leave the kids alone, but I know better than to think that.
[editline]21st December 2015[/editline]
[QUOTE=thelurker1234;49364679]I seriously wonder how mistakes such as not salting are made, it seems like it'd be one of the first things you'd be taught when it comes to security[/QUOTE]
Because some chucklefuck somewhere high up in the company gets a $200k bonus for saving the $100 in time and electricity it would take to implement salting.
[QUOTE=Forumaster;49364685]I'd like to think that the people that did this were just hoping to glean the parents' payment information and will leave the kids alone, but I know better than to think that.
[editline]21st December 2015[/editline]
Because some chucklefuck somewhere high up in the company gets a $200k bonus for saving the $100 in time and electricity it would take to implement salting.[/QUOTE]
Implying the guy knew about it. Something tells me people that high up don't know salting as anything more than what they put on their $90 fillet steaks.
[QUOTE=nuttyboffin;49364717]Implying the guy knew about it. Something tells me people that high up don't know salting as anything more than what they put on their $90 fillet steaks.[/QUOTE]
That's what the security expert is hired for.
Security expert says: "We need to do this thing."
Executive says: "How much does thing cost?"
Expert: "It costs this many monies to make thing happen, but if we don't do it then bad thing might happen"
Exec: "You say might happen, so that means it might not. We need to save monies and so we won't be doing thing."
It makes me irrationally angry when hashing algorithms are referred to as "encryption."
[QUOTE=geel9;49365139]It makes me irrationally angry when hashing algorithms are referred to as "encryption."[/QUOTE]
Only the part about "hacking" them is more wrong here :v:
Maybe we should make a cheat sheet for "tech journos"?
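The storage weakness the quoted article describes (unsalted SHA-1), set beside a salted, deliberately slow alternative. This is an added example, not part of the thread or the article; PBKDF2-HMAC-SHA256 is this example's choice of replacement, and the account names, passwords, record format and iteration count are constructed assumptions.

```python
import hashlib, hmac, os
from collections import Counter

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def unsalted_sha1(password: str) -> str:
    """The scheme the article describes: a bare, fast, unsalted digest (a hash, not encryption)."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, slow storage: per-user random salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def shared_digests(stored: dict) -> int:
    """Count accounts whose stored value also appears on another account."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)

# Constructed sample accounts (not from the breach).
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

def demo(iterations: int = ITERATIONS):
    """Return (accounts sharing a value when unsalted, same count when salted)."""
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    strong = {u: hash_password(p, iterations) for u, p in USERS.items()}
    return shared_digests(weak), shared_digests(strong)

if __name__ == "__main__":
    weak_shared, strong_shared = demo()
    print("accounts sharing a stored value, unsalted SHA-1:", weak_shared)
    print("accounts sharing a stored value, salted PBKDF2: ", strong_shared)
```

Without a salt, every account with the same password stores the same digest, so one precomputed value resolves all of them at once; with a per-user salt each record has to be worked on separately, and the iteration count makes each guess expensive.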