Skip to main content

More user passwords dumped, this time from alleged Billabong.com hack

posted onJuly 13, 2012
by l33tdawg

Hackers dumped another huge cache of stolen passwords, this time exposing what they said are as many 35,000 plaintext passcodes from the website of clothing maker Billabong International.

A post on CodePaste.net claimed 20,000 to 35,000 user names and corresponding passwords were retrieved in the hack of billabong.com. But the post included only 1,435 plaintext user credentials and didn't explain the discrepancy. Australia-based Billabong provides the accounts to customers to make frequent online purchasing more easy. The post also included what it claimed were user names and hashed passwords for MySQL accounts used to administer the site.

The post comes less than 24 hours after the discovery of a separate password dump that affected more than 453,000 accounts for Yahoo's Contributor Network (previously Associated Content). In both cases, web administrators appear to have stored the passwords in plaintext, a practice that's severely frowned upon in the security profession because it makes life much easier for hackers who gain a foothold into a vulnerable system. With only a little extra work, admins could have used Bcrypt or another modern cryptographic algorithm to scramble the passwords into one-way hashes that can't easily be reversed. The hashes may still be cracked, but if the process is done correctly, the protection buys hacked websites enough time to warn users before their plaintext passwords are circulated.

Source

Tags

Security. Hackers Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th