RockYou.com Hacked. 32 Million Passwords Stolen. Why Weren’t They Encrypted?

RockYou.com has been hacked through a SQL injection vulnerability in one of its web applications. RockYou provides applications and services for social networking sites like Facebook and MySpace.

Hackers now have the email addresses and passwords of 32 million people. You've got to bet that many of those passwords are the same ones those people use on their email accounts. That means hackers can get into the email accounts of potentially millions of people, and from there learn where they do their online banking, e-commerce shopping, and so on.

In a security warning posted on RockYou's website this week, they say that one of the measures they will be taking is to encrypt users' passwords in their database. (Strictly, the right fix is a salted one-way hash rather than reversible encryption: an encryption key has to live on the same servers that were just compromised, whereas a properly hashed password cannot be read back even by the site itself.)

It is just shocking to me that a company with 32 million online users was storing their passwords in the clear. Didn't these guys take computer science classes? The UNIX operating system has stored hashes of passwords, not the actual plaintext passwords, since the early 1970s. I learned not to store plaintext passwords more than 20 years ago when I was in college.
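To make the two points above concrete (an injectable query, and why a hashed password column limits the damage when that query is abused), here is an added example written for this post; it is not RockYou's code and not code from the original article. It builds an in-memory SQLite table with two constructed accounts, runs the classic tautology payload against a string-concatenated query, and shows the difference between a plaintext column and one stored with salted PBKDF2 (the iteration count, salt length and record format are choices made for this example). The parameterized query beside it is the fix for the injection itself.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Work factor and salt length are example choices; raise iterations as hardware allows.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
HASH_TAG = "pbkdf2_sha256"


def hash_password(password: str) -> str:
    """Salted, slow, one-way: returns 'pbkdf2_sha256$<iters>$<salt hex>$<digest hex>'."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"{HASH_TAG}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        tag, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if tag != HASH_TAG:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


# Constructed sample accounts for the demo; not real RockYou data.
SAMPLE_USERS = [
    ("alice@example.com", "password123"),
    ("bob@example.com", "letmein"),
]


def build_db(store_plaintext: bool) -> sqlite3.Connection:
    """In-memory users table, populated either the RockYou way or with salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)")
    for email, pw in SAMPLE_USERS:
        stored = pw if store_plaintext else hash_password(pw)
        conn.execute("INSERT INTO users VALUES (?, ?)", (email, stored))
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """VULNERABLE: user input is spliced into the SQL string (the bug class behind this breach)."""
    sql = "SELECT email, password FROM users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """Fixed: a bound parameter is treated as data, never as SQL."""
    return conn.execute(
        "SELECT email, password FROM users WHERE email = ?", (email,)
    ).fetchall()


# Classic tautology payload: the WHERE clause becomes  email = '' OR '1'='1'
INJECTION = "' OR '1'='1"


def dump_via_injection(store_plaintext: bool) -> dict:
    """What an attacker gets from the vulnerable query: {email: stored password column}."""
    conn = build_db(store_plaintext)
    return dict(lookup_vulnerable(conn, INJECTION))


if __name__ == "__main__":
    print("plaintext table via injection:", dump_via_injection(True))
    print("hashed table via injection:   ", dump_via_injection(False))
    print("safe query, same payload:     ", lookup_safe(build_db(True), INJECTION))
```

Run as a script, the first line prints every email with its password in the clear, which is exactly the RockYou outcome; the second prints the same emails but only salted PBKDF2 strings, so the attacker is reduced to offline guessing against each record separately (the per-record salt defeats precomputed tables, and the iteration count makes every guess expensive); the third shows the parameterized query returning nothing for the payload. Note that a scheme like this was not exotic in 2009: bcrypt dates from 1999 and PBKDF2 from RFC 2898 in 2000.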

This data breach, and the complete lack of security knowledge it reveals, gives me great fear for the security of Cloud computing services. If other companies are so cavalier about, or frankly completely ignorant of, basic security design practices, we are in for some serious problems on the Internet.