[outages] eBay password changes -- were they attacked?
Chris Swingler
chris at chrisswingler.com
Tue Apr 5 12:21:57 EDT 2016
Possibly, though I'd lean more toward the password list coming from a phishing site, in which case everything would be in the clear, and testing it against their own properly salted, hashed password database would be trivial.
> On Apr 5, 2016, at 11:18 AM, Joey Kelly via Outages <outages at outages.org> wrote:
>
> On 04/05/2016 10:51 AM, DJ Anderson via Outages wrote:
>> I got one of those a few weeks ago.
>>
>> When I inquired about it I was told that the password I was using was found on some leaked password list and due to that they had set a temporary password to protect my account.
>>
>> -DJ
>
>
>
> Does that not imply they are not using salted hashes, but storing the
> passwords in plaintext? Or maybe they're intercepting the passwords and
> testing them against a dictionary? I might be OK with the latter, maybe
> (but who appointed them to be the world's password police?)
>
> --Joey Kelly
>
>
> <snip>
>
> --
> Joey Kelly
> Minister of the Gospel and Linux Consultant
> http://joeykelly.net
> 504-239-6550
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
More information about the Outages
mailing list