Hacker database discovered with millions of account credentials from Facebook, Twitter, Yahoo

By Shawn Knight ยท 21 replies
Dec 5, 2013
Post New Reply
  1. Researchers at cyber security firm Trustwave recently discovered a hacker database that contains more than 2 million stolen passwords associated with a variety of popular services including Facebook, Gmail, Twitter and Yahoo. These services and more have been resetting account...

    Read more
  2. VitalyT

    VitalyT Russ-Puss Posts: 3,665   +1,950

    It reads - hacker's database got hacked... :)
    H3llion and wastedkill like this.
  3. "Perhaps more disturbing than the theft itself is the fact that people are still using absurdly simple passwords to protect their online accounts."

    What else is new?
    wastedkill likes this.
  4. insect

    insect TS Evangelist Posts: 349   +132

    There was some article on passwords I read that something like this (paraphrasing):
    Corporations continue to make passwords more 'complex' by requesting numbers, special characters, combinations of upper and lower-case, non-dictionary words, etc. Computers are very good at running lots of combinations of anything... indefinitely. So passwords are getting easier and easier for computers to 'guess' and harder and harder for humans to remember. Humans write them down or choose the most simplistic of the requirements resulting in an even more insecure environment.

    The best passwords are two-words that are random, but easy to remember (I.e., if you have a picture of your kid/spouse/whatever at your desk choose their shirt brand/type with your favorite feature - TommyHilger Eyes). Hard for humans and computers to guess because it's not worth the time for a bot to run the time required to find that (assuming the bot is programmed to even look for such things) but easy for you to remember.
  5. davislane1

    davislane1 TS Grand Inquisitor Posts: 4,737   +3,757

    This is why all of my passwords are highly secure numeric anagrams. For instance: 12345 becomes 54321. No one's brute forcing that.
    ikesmasher likes this.
  6. As computers become more powerful, 15 digit character and numbers only passwords can be cracked in less than a week (brute force, less using Smart Brute Force). Yet I still run into financial companies that restrict passwords to numbers or characters and numbers between 8 and 10 characters in length. (Yes I'm talking about you Fidelity and PNC.)

    We need to get to QR encoded visual password systems or something similarly large and tough to manually copy and hard to crack using brute force. Of course social engineering is the easiest way to crack a password.
  7. It would help if the title either said "and others", or included gmail. As it is now, I read the title quickly and thought "I don't use any of the 3 services listed so I have nothing to worry about" and almost skipped the article. I do use gmail though...
  8. "No one's brute forcing that."

    I've seen plenty of brute force "password" database files (or just simple notepad files) that have a list of common passwords and their anagrams. It doesn't matter if it's words or numbers. The best thing to use is passphrases and then maybe some numbers. Like two or more word combos like one commenter mentioned above.
  9. For remote connections to secure server we only use keys. Maybe a secure USB key that your browser recognizes with your encrypted passwords? If a user inserts the key into the computer, your browser or application recognizes your key and automatically allows you to login to secure websites that key is authenticated for?
  10. ikesmasher

    ikesmasher TS Evangelist Posts: 3,000   +1,319

    Sarcasm is a heck of a thing.
    davislane1 likes this.
  11. mattfrompa

    mattfrompa TS Evangelist Posts: 553   +57

    exactly https://www.grc.com/sqrl/sqrl.htm
  12. This wouldn't make headlines if everyone had secured their accounts with multi-factor authentication.
  13. Make it jail for life or death sentence and let's see how many hackers are left after that.
  14. It doesn't really matter how secure your password is. Don't you know that facebook and google are already scanning your information and making it available to other businesses and government? They've basically already hacked your account and exploited you in ways we're only beginning to understand. Everyone should consider using privacy-based services such as Ravetree, DuckDuckGo, and HushMail.
  15. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 9,728   +3,701

    Which should imply there is nothing within the account worth hacking it for. I used a simple password (the same password for the last 15 years), but if the account was important enough, I would choose to use something more complex. I don't have anything to worry about, because I'm not a major target.
  16. Facebook, Twitter & Yahoo are all free....

    Who cares if someone can gain access to those accounts... they are throw away and pointless.

    Gmail is free too... who cares what a hacker can do, or read..? Google is already one up, on these hackers, as their users have already given permission for Google to do what these hackers are trying to do. (Read & steal your info..)
  17. tipstir

    tipstir TS Ambassador Posts: 2,475   +126

    Most are using the easy route but they don't realize what could happen with this script kiddies out there.

    This is Password Length: 16
    Password Example: w3lCR(?nS..vD94c
    Safe level: High
  18. tomkaten

    tomkaten TS Maniac Posts: 222   +143

    From howsecureismypassword:

    "It would take a desktop PC about 412 trillion years to crack your password". :)

    Still, I don't get what password complexity has to do with a topic about a botnet with a keylogger. Yeah, we all know the average man's password still sucks, but that's irrelevant here IMO.
  19. Skandranonsg

    Skandranonsg TS Rookie

    That is very very wrong. If you are against some ignorant skid that doesn't know what a dictionary attack is and is trying to brute-force passwords, then your method works. However, any hacker worth their salt (get it, salt?) will crack a two-word or even four-word password in a matter of hours.

    The most secure method of obtaining a pseudo-random password that is easy to remember, but hard to guess is an anagram of a sentence. So "My aunt Sally was born on Friday, December 22nd." becomes "MaSwboF,D22." Now you have an 11 character password that is incredibly hard to guess, very easy to remember, and almost impossible to crack. And it contains two special characters, two numbers, two upper case, and two lower case.
  20. Alpha Gamer

    Alpha Gamer TS Evangelist Posts: 354   +116

    best password ever
  21. What's more disturbing is that you believe that a strong password can save your ***. All you have to do is learn someones weak reset credentials and you have defeated their strongest passwords.
  22. Wow. People still think passwords work. After so many have pointed out that they are pointless when someone installed a keylogger on your computer. With that you are actually giving your password away. How about the dumb user with the secure password who falls for the your account has been compromised here is a link to change your password. You enter your password. How about this I tell you on my website that what you entered is wrong and you thinking you forgot your password keep trying to guess at it while giving me all your passwords you ever had. You keep trying not even thinking that it is a fake web site. Hahaha.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...