Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Intruders. Show all posts

Hackers accessed personal data of Reputation.com users


Reputation.com , an online reputation management website lost their own reputation when a hacker invade their website and accessed the personal data of users.

Reputation.com on Tuesday sent an email to customers disclosing the security breach.  Reputation.com said in the mail that intruders had accessed the personal information including names, email , physical address, phone numbers, date of birth and occupational info.

On top of that, hackers had accessed the encrypted passwords of a small number of users. Reputation.com claimed that the passwords are highly encrypted(Hash+Salt) and "it was highly unlikely that these passwords could ever be decrypted".

One of the EHN's user commented on the issue "You fail at cryptology. The salt is stored with the hash. It doesn't add any strength to the individual hash's resistance to brute-force attacking, it only strengthens hashes from being attacked by pre-built rainbow tables.  Even if you used bcrypt with a cost of 16 and 128-bit /dev/random salts, all an attacker has to do is iterate the10,000 most common passwords and they'll hit 98% of internet users. "

However the company immediately reset the password to prevent unauthorized access.

Though the company claimed that hacker didn't access the financial information such as credit card numbers which they don't store, they are offering free credit monitoring for one year.