One of these days . . . ONE of these days
Companies that are sloppy with their customers' private data will get it. Right. In. The. Kisser.
But not today.
Passwords were among the 23 million customer records siphoned from CafePress by hackers – and the site was using the less secure SHA-1 hashing algorithm to store half of its users' credentials. As El Reg and the rest of the security-focused media reported yesterday, CafePress had around 23 million customer records exfiltrated …
This kind of seems like a thing that the very second you hear about it, you publicly say... I'M ON IT!! Waiting until you have to say "We've been working on how to address this." is the plan for the cowardly (and most certainly shady) types of companies. Seems nuts to say nothing, which says a lot about your company.
And the part about the hex codes SHA's, maybe they weren't about to migrate, maybe they already did!!
"passwords exposed encoded in base64 SHA-1, which is a very weak encryption method to use"
Hashing is not encryption. No one with strong passwords had them "exposed".
If there are duplicates probably dictionary attacks are possible against weak passwords. Not good if you use the same weak password everywhere.
SHA1 is not recommended because you can find collisions, not because it's "weak encryption".
Even MD5 keeps strong passwords secure. You can create a collision in seconds. But that does not expose any passwords.
You are technically correct.
And entirely wrong in practice.
If your password is "29bAjwqsG3ikbqHqu9F8gg", and "1111111" hashes to the same thing as "29bAjwqsG3ikbqHqu9F8gg", then you have two functional passwords. If I find either, you lose.
As it happens, the definition of a weak hash is one that it is easy to find values to meet any particular hash. So while perhaps "1111111" does NOT hash to the same thing, I can take the (salted) hash of your password, and FIND that "Pv1po81mVHH8+YrBOC8FNgZqRckT111sITatDm0ObuVw" does hash to the same thing, with a relatively limited effort.
Re "you lose". You don't lose much. If hackers find a collision and that will (might) get them logged into cafepress as you, and can see your mug purchasing history. Perhaps siphon off a bit more personal info than they got in the first hack.
My point is the hacker has not found the user's original password; you have found a different password that will do (for entering cafepress through the front door). Passwords are only *exposed* if they are weak and subject to dictionary attacks. Password is not there for the decrypting. Data is lost when you hash. Just saying hashing is not encryption, and passwords are not exposed by finding collisions.
It's still right in practice. Sha1 is not easy to find collisions, one has been found ever. It cost Google a huge amount to find it.
It is unlikely that someone spends that amount of money to find another collision for the purpose of entering cafepress.com as someone else. Practically password hashing with sha1 is still safe in 2019 for most use cases.
It will never get past a security audit tho because knowledgeable infosec bods will direct you to shattered.io and tell you "sha1 is broken".
Another practical problem with sha1 collisions is that if you do spend $100,000 on finding a collision chances are you don't get a valid unicode string that passes input validation.
Dictionary attacks are a different story.
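An added illustration of the points raised in the comments above about duplicates and dictionary attacks (not code from the article or from any commenter): an audit of constructed base64 SHA-1 records, next to a salted scrypt record for comparison. The function names, sample users, wordlist and scrypt parameters are all assumptions made for this example.

```python
import base64, hashlib, hmac, os
from collections import defaultdict

def sha1_b64(password: str) -> str:
    """Unsalted SHA-1, base64-encoded: the storage format quoted in the thread."""
    return base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

# Constructed sample records (user -> stored hash); not data from any breach.
_SAMPLE_PASSWORDS = {"alice": "password1", "bob": "29bAjwqsG3ikbqHqu9F8gg",
                     "carol": "password1", "dave": "letmein"}
STORED = {u: sha1_b64(p) for u, p in _SAMPLE_PASSWORDS.items()}
WORDLIST = ["123456", "letmein", "password1"]  # constructed audit wordlist

def duplicate_groups(stored):
    """Users sharing a hash share a password; visible without any guessing."""
    groups = defaultdict(list)
    for user, h in stored.items():
        groups[h].append(user)
    return sorted(sorted(us) for us in groups.values() if len(us) > 1)

def weak_accounts(stored, wordlist):
    """With no salt, one hash per candidate word is checked against every account."""
    table = {sha1_b64(w): w for w in wordlist}
    return {u: table[h] for u, h in stored.items() if h in table}

def scrypt_record(password: str, salt: bytes = b""):
    """Per-user random salt plus a memory-hard KDF (parameters are an assumption)."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                         maxmem=64 * 1024 * 1024)
    return salt, key

def scrypt_verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_record(password, salt)[1], key)

if __name__ == "__main__":
    print("shared passwords:", duplicate_groups(STORED))
    print("found in wordlist:", weak_accounts(STORED, WORDLIST))
    a, c = scrypt_record("password1"), scrypt_record("password1")
    print("same password, different records:", a[1] != c[1])
    print("verifies:", scrypt_verify("password1", *a))
```

The long random password from the thread ("bob" here) is the only record the wordlist does not match, while the two users with the same weak password are linked by their identical hashes alone.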
Similar situation for me: Account included in breach notifications, but my last interaction with them was in August 2010. I have no account according to their "forgot password" page.
I raised a ticket, and CafePress helpdesk tell me my account was 'archived due to inactivity' in Jan 2019, although their 2017 user agreement says accounts will be suspended for inactivity more than 12 months (rather than over 8 years). Of course once your account is archived there is no self-service way to delete it.
Unfortunately failed to address my questions on why they were still holding my data, or what GDPR compliance is in place.
I've just got back to them to exercise my 'right to be forgotten' - a bit late but better to clean up my old data with them whilst they are under focus.