Wednesday, June 13, 2012

Breach update: eHarmony and Last.fm also hit, also idiots

Following up on my report of LinkedIn's password leak, I thought I should note that eHarmony and Last.fm were also hit. And speaking of the thoughtless security practices of LinkedIn, apparently these guys were worse.

Now, I'm not as mad about them because they don't handle user information nearly as important and sensitive as LinkedIn's. But while the SHA-1 hash function LinkedIn was using was weak, using the MD5 hash function, as eHarmony and Last.fm were, has been known to be bad practice since 1996! Apparently they've managed to ignore good advice since the first Clinton administration!

Anyway, another interesting thing about the breach is that the Last.fm database has been floating around the dark parts of the Internet since 2010, so be sure to change your password there too.
