

EHarmony confirms password breach - jwoah12
http://www.pcworld.com/businesscenter/article/257104/dating_site_eharmony_confirms_password_breach.html

======
aaronharnly
Are both of these sites (LinkedIn, eHarmony) really assuming that only the
hashes posted to the forum thread have been compromised? Isn't that, well, a
really really bad assumption?

------
nulluk
With all these breaches my idea for a browser extension that stores a
blacklist of websites & warns you about them mailing plaintext passwords,
insecure password authentication or storing credit card details BEFORE I sign
up has never been more appealing.

------
jgrahamc
And apparently they were using unsalted MD5.

~~~
jwoah12
It'll be interesting to see if these two breaches lead to either:

1. A large number of websites realizing that their lazy authentication is a
time bomb, and fixing it.
2. A large number of attackers realizing that many more websites probably have
this kind of vulnerability, and exploiting it.

~~~
weego
I imagine in reality one will try and out-race the other to the outcome they
want (most likely 2 will beat 1).

------
jimm
Another reason I'm glad that I'm married (and faithful)!

~~~
jwoah12
That brings up an interesting thought. I wonder how ashleymadison.com stores
its user data. If any piece of identifying user data were leaked, it could
kill their business (which many would welcome I'm sure).

~~~
jgrahamc
If I were a criminal hacker with access to ashleymadison.com user data I
wouldn't be talking about it. I'd be blackmailing wealthy people who are
cheating on the site or the site itself.

So, I doubt you'd hear about such a hack.

~~~
jwoah12
True. Some people are driven by things other than money, though, e.g. the idea
that they are doing "God's work."

~~~
pcopley
Those people aren't typically hackers.

~~~
jwoah12
Poor choice of words in "God's work." I didn't mean to insinuate that they had
to be religious, just that they are hacking for some ideal(s) rather than
personal gain or just to be a dick. Anonymous, for example.

~~~
pcopley
Gotcha. I was blinded by my own secular zealotry!

