Notify users of data disclosure events over three years

is because of the fear of http://www.aliyun.com/zixun/aggregation/673.html "> Hacker's crack technology has developed to be able to read the hash password to the extent of the plaintext disclosure.

July 19, according to the relevant information, we know that Australia's most famous group buying website catch the day announced that the hacker attacked the website, which has a part of the user's password and credit card data stolen.

Surprisingly, this hacker attack took place more than three years ago, and now Catch of the day only disclosed the incident.

According to the information, we know that the company found the incident soon after the website was attacked by hackers and reported to the Australian Federal Police (Australian firstly). In addition to some user password leaks, these passwords are encrypted with hash (hash) one-way hashing algorithms, and some credit card data is stolen. The company notified the users immediately after the data was leaked, while the other users were kept in the dark.

Catch of the day said it eventually decided to disclose the data disclosure incident because of concerns that the hacker's hacking technology had developed to the extent that it could read the plaintext of the hash cipher.

Perhaps out of ignorance, Catch of the day did not point out that hackers had been able to crack simple passwords years ago, and that their password-cracking techniques would only get better. Every time a password leak event is made, the hacker can have a deeper understanding of the hashing algorithm's computational process. Given that more than three years have elapsed since the hacking attack, hackers may have successfully read the plaintext of the stolen passwords.

"It's absurd that they notify users of data leaks over a three-year interval," he said. In the past three or four years, if these users are still using the same password, there may be a larger problem. ”