Zoosk asks users to reset passwords following mass leak
Posted on 12 March 2013.
Online dating service Zoosk is urging some of its users to change their passwords following the leaking of a list of some 29 million passwords that seemingly contains theirs.


According to password expert Jeremi Gosney, who cracked over 90 percent of the leaked MD5 hashes (which were, unfortunately, not salted), nearly 3,000 contained the word "zoosk" in a variety of predictable combinations such as "logmein2zoosk" and "ilovezoosk".

The set also includes a number of passwords containing word combinations such as "lookingforlove" and "lookingforsex," which definitely points to the fact that the password must belong to users of a one or more online dating services (not necessarily Zoosk).

According to Ars Technica, the individual who posted links to the cracked passwords claims that the sets contain passwords from various sources, and the fact that they contain words like "yahoo", "hotmail," "linkedin" and similar supports the claim.

A Zoosk spokeswoman confirmed that they were asking a "small subset" of their users to reset their passwords, but said that their internal investigation so far revealed no evidence of their network having been compromised, and that they received no reports of user accounts being accessed by anyone other that the legitimate users.

She also added that the service no longer uses MD5 to encrypt user passwords. Instead, they have been employing the PBKDF2 key derivation function with the SHA-256 algorithm and salting, which makes the cracking of the password hashes considerably more time-consuming.









Spotlight

The context-aware security lifecycle and the cloud

Posted on 25 November 2014.  |  Ofer Wolf, CEO at Sentrix, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Nov 26th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //