Zoosk asks users to reset passwords following mass leak
Posted on 12 March 2013.
Online dating service Zoosk is urging some of its users to change their passwords following the leaking of a list of some 29 million passwords that seemingly contains theirs.


According to password expert Jeremi Gosney, who cracked over 90 percent of the leaked MD5 hashes (which were, unfortunately, not salted), nearly 3,000 contained the word "zoosk" in a variety of predictable combinations such as "logmein2zoosk" and "ilovezoosk".

The set also includes a number of passwords containing word combinations such as "lookingforlove" and "lookingforsex," which definitely points to the fact that the password must belong to users of a one or more online dating services (not necessarily Zoosk).

According to Ars Technica, the individual who posted links to the cracked passwords claims that the sets contain passwords from various sources, and the fact that they contain words like "yahoo", "hotmail," "linkedin" and similar supports the claim.

A Zoosk spokeswoman confirmed that they were asking a "small subset" of their users to reset their passwords, but said that their internal investigation so far revealed no evidence of their network having been compromised, and that they received no reports of user accounts being accessed by anyone other that the legitimate users.

She also added that the service no longer uses MD5 to encrypt user passwords. Instead, they have been employing the PBKDF2 key derivation function with the SHA-256 algorithm and salting, which makes the cracking of the password hashes considerably more time-consuming.









Spotlight

European Central Bank blackmailed in wake of data breach

Posted on 24 July 2014.  |  The European Central Bank - the central bank for the euro - has suffered a data breach, and has only discovered it after receiving a blackmail letter from the attacker.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Jul 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //