The leaked personal data of more than 3.6 million users registered on dating site MobiFriends was made all the more vulnerable because the site used the notoriously weak MD5 hashing.
“It is always troubling to hear about passwords being stolen in a data breach, especially when the stolen passwords are hashed with MD5,which is infamous for no longer being cryptographically secure,” said ForgeRock Senior Vice President Ben Goodman. He pointed out that four of five global breaches stem from weak or stolen passwords with the problem exacerbated by users reusing username and password combinations.
In this case, the compromised user credentials could unlock nearly 10 million accounts due to rampant password reuse,” said Vinay Sridhara, CTO at Balbix , citing a recent company report that “found that the average password is reused 2.7 times, and the average user is sharing 8 passwords between work and personal accounts.”
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.