Zoosk asks users to reset passwords following mass leak
Posted on 12 March 2013.
Online dating service Zoosk is urging some of its users to change their passwords following the leaking of a list of some 29 million passwords that seemingly contains theirs.

According to password expert Jeremi Gosney, who cracked over 90 percent of the leaked MD5 hashes (which were, unfortunately, not salted), nearly 3,000 contained the word "zoosk" in a variety of predictable combinations such as "logmein2zoosk" and "ilovezoosk".

The set also includes a number of passwords containing word combinations such as "lookingforlove" and "lookingforsex," which definitely points to the fact that the password must belong to users of a one or more online dating services (not necessarily Zoosk).

According to Ars Technica, the individual who posted links to the cracked passwords claims that the sets contain passwords from various sources, and the fact that they contain words like "yahoo", "hotmail," "linkedin" and similar supports the claim.

A Zoosk spokeswoman confirmed that they were asking a "small subset" of their users to reset their passwords, but said that their internal investigation so far revealed no evidence of their network having been compromised, and that they received no reports of user accounts being accessed by anyone other that the legitimate users.

She also added that the service no longer uses MD5 to encrypt user passwords. Instead, they have been employing the PBKDF2 key derivation function with the SHA-256 algorithm and salting, which makes the cracking of the password hashes considerably more time-consuming.


eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Dec 18th