More than eight million email addresses, usernames and password hashes from German gaming website Gamigo have been dumped online, months after the site was hacked. A 500MB file containing 8.2 million Gamigo user login credentials was uploaded and publicised via a post to password-cracking forum Inside Pro, according to the …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Tuesday 24th July 2012 16:03 GMT wibble001

"It's unclear why the person who uploaded the list waited so long to spill the goodies after the original breach" - Really slow upload rate?

1 0
1. Tuesday 24th July 2012 19:48 GMT Mike007
  
  Surely you mean they must have been using <insert readers ISP>? (judging by comments on most ISP related articles it seems most readers seem to chose to give their money to ISPs they think are a load of crap)
  
  0 0
Tuesday 24th July 2012 18:26 GMT Khaptain

Dong

You can here the sound in the admins head as the bell rings and he says to himself: "Ohhhh Fuck, why me....."

0 1
Tuesday 24th July 2012 20:18 GMT Anonymous Coward

I like the way hackers talk with such superiority when it comes to describing how stupid people are when managing data. I know a guy who like to hack and he is just the same. i.e. cracking this MD5 was childsplay, they might as well have stored the passwords in plain text.

0 0
Tuesday 24th July 2012 21:12 GMT Destroy All Monsters

"There’s no excuse for using encryption this weak; it’s just bad security."

Calling the MD5 hash function "encryption" is just fuzzy terminology.

Where's the salt?

P.S.: http://isc.sans.edu/tools/reversehash.html

1 0
1. Wednesday 25th July 2012 02:22 GMT Anonymous Coward
  
  Not merely fuzzy terminology.
  
  Not coming from the CTO of a "network security" company. He's just exposed failing to do his homework. Failing to do the homework, by the by, is one major reason for crypto-related breaches.
  
  0 0
Wednesday 25th July 2012 16:28 GMT Trapped

Passwords are distroying the world

It is just annoying the fact that we are still living in a password world. Almost everything is still only password protected. But ultimately the fact is passwords (strong or not) do not replace the need for other effective security control. As was stated passwords are useless, outdated, and a security risk. That same organization understood that only real solution is the need to add additional layers of authentication for access and transaction verification without unreasonable complexity and this will of help to their customers if they implement some form of a two-step or two-factor authentication were you can telesign into your account and have the security knowing you are protected if your password were to be stolen. This should be a prerequisite to any system that wants to promote itself as being secure. With this if they were to try to use the “stolen” password and don’t have your phone nor are on the computer, smartphone or tablet you have designated trusted, they would not be able to enter the account.

0 0