After Linked-in, Yahoo loses 450,000 user login credentials, which were unencrypted. Since then, they claim to have fixed the issue. However, the fact remains, it's really pathetic that the web service providers still do not adhere to the basic security principles, like encrypting passwords.
Here is the orignal dump of exposed passwords. Another copy is here.
A good analysis of the exposed passwords.
In case anyone needs a refresher course on what hashing is, and how to do it properly.
No comments:
Post a Comment