[ISN] One Of The 32 Million With A RockYou Account? You May Want To Change All Your Passwords. Like Now.

From: InfoSec News <alerts_at_private>
Date: Tue, 15 Dec 2009 02:08:20 -0600 (CST)
http://www.techcrunch.com/2009/12/14/rockyou-hacked/

By MG Siegler 
TechCrunch.com
December 14, 2009 

It's no secret that most people use the same password over and over 
again for most of the services they sign up for. While it's obviously 
convenient, this becomes a major problem if one of those services is 
compromised. And that looks to be the case with RockYou, the social 
network app maker.

Over the weekend, the security firm Imperva issued a warning to RockYou 
that there was a serious SQL Injection flaw in their database. Such a 
flaw could grant hackers access to the service's entire list of user 
names and passwords in the database, they warned. Imperva said that 
after it notified RockYou about the flaw, it was apparently fixed over 
the weekend. But that was not before at least one hacker gained access to 
what they claim is all of the 32 million accounts. 32,603,388 to be 
exact. The best part? The database included a full list of unprotected 
plain text passwords. And email addresses. Wow.

The hacker has posted a sample of what they found. They have blanked out 
the passwords for now, but warn, "Don't lie to your customers, or i 
will publish everything." As far as we can tell, RockYou hasn't issued a 
warning about this to its users yet. We've reached out to the company, 
but have yet to hear back.

[...]


Received on Tue Dec 15 2009 - 00:08:20 PST