ONE MILLION email addresses and clear-text passwords. Ouch.
That far surpasses the Gawker hack since all of Gawker's passwords were encrypted with a somewhat easily reversible hash (for simple passwords) and only a subset of those passwords were recovered.
Imagine what governments could do with all those email/password combinations. Cross reference email addresses with a target internal database and an agency could (is) within minutes begin to systematically download an enormous amount of emails and other private data.
And the spammers...
And nobody ever uses the same password across different systems, right?
> Imagine what governments could do with all those email/password combinations. Cross reference email addresses with a target internal database and an agency could (is) within minutes begin to systematically download an enormous amount of emails and other private data.
Sadly, governments don't need a hack like this to get at email.
Hard to believe after the initial hack they didn't launch a group-wide memo from the CEO to encrypt all personal data. Could have brought some DLP vendor in to find it and roll out rapid database-level encryption without changing application code. SQL injection vulnerabilities in this day and age are unforgivable but unfortunately not uncommon. Sony will not be the only global company with hundreds of such vulnerabilities.
Like I said, ouch.