July 19, Australia's most famous group buy website catch the day announced that the site was attacked by hackers, some of its users password and credit card data stolen.
It is shocking that this hacker attack took place more than three years ago, and catch of the day only now disclosed the incident.
A message was sent to a user according to catch of the day, which was discovered shortly after the website was hacked and reported to the Australian Federal Police (Australian firstly). In addition to some user password leaks, these passwords are encrypted with hash (hash) one-way hashing algorithms, and some credit card data is stolen. The company notified the users immediately after the data was leaked, while the other users were kept in the dark.
Catch of the day said it eventually decided to disclose the data disclosure incident because of concerns that the hacker's hacking technology had developed to the extent that it could read the plaintext of the hash cipher.
Perhaps out of ignorance, Catch of the day did not point out that hackers had been able to crack simple passwords years ago, and that their password-cracking techniques would only get better. Every time a password leak event is made, the hacker can have a deeper understanding of the hashing algorithm's computational process. Given that more than three years have elapsed since the hacking attack, hackers may have successfully read the plaintext of the stolen passwords.
"It's absurd that they notify users of data leaks over a three-year interval," he said. In the past three or four years, if these users are still using the same password, there may be a larger problem. ”
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
