[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Bitcoin-only poker site resets user credentials after 42, 000 passwords leak
From: InfoSec News <alerts () infosecnews ! org>
Date: 2013-12-20 9:59:07
Message-ID: alpine.DEB.2.02.1312200958540.1712 () infosecnews ! org
[Download RAW message or body]
http://arstechnica.com/security/2013/12/bitcoin-only-poker-site-resets-user-credentials-after-42000-passwords-leak/
By Dan Goodin
Ars Technica
Dec 19 2013
An online poker service that deals solely in Bitcoin has issued a
mandatory password reset one day after someone published login credentials
for more than 42,000 enthusiasts of the card game and digital currency.
An advisory published Thursday by Seals with Clubs warns, "Our database
containing user credentials was likely compromised." Left out is any
mention of a list of 42,020 hashes posted to a user forum about 24 hours
earlier. While the person posting didn't identify the source of the
cryptographically salted SHA1 hashes, early rounds of cracking uncovered
passwords such as "sealswithclubs", "88seals88", "bitcoin1000000", and
"pokerseals". Password security experts almost immediately suspected that
they belonged to Seals with Clubs users. Thursday's advisory from the site
is probably the closest we'll get to a definite confirmation.
In Wednesday's post, which was made to a paid password recovery forum
operated by commercial password cracking software developer InsidePro, the
user StacyM attached a database of hashes and offered $20 in Bitcoins for
every 1,000 unique hashes that were cracked. Nine minutes later, the first
reply came in, claiming to have recovered the first 1,000. One day in,
about two-thirds of the list has been cracked. It wouldn't be surprising
to see that amount reach 80 percent or higher in the coming days.
On the Seals with Clubs site, operators described themselves this way:
[...]
--
Find the best InfoSec talent without breaking your
IT recruiting budget! Save 50 percent off our normal
rate by using the discount code - XMAS2013
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic