Three years after the site was hacked, the group was told

Summary: Australia's most famous group buying website catch the day announced that the site was hit by hackers, some of its users ' passwords and credit card data were stolen. Shockingly, this hacker attack took place more than three years ago, and the catch of the day is now

Australia's most famous group buying website catch the day announcing that the site was hit by hackers and some of its users ' passwords and credit card data were stolen.

It is shocking that this hacker attack took place more than three years ago, and catch of the day only now disclosed the incident.

A message was sent to a user according to catch of the day, which was discovered shortly after the website was hacked and reported to the Australian Federal Police (Australian firstly). In addition to some user password leaks, these passwords are encrypted with hash (hash) one-way hashing algorithms, and some credit card data is stolen. The company notified the users immediately after the data was leaked, while the other users were kept in the dark.

Catch of the day said it eventually decided to disclose the data disclosure incident because of concerns that the hacker's hacking technology had developed to the extent that it could read the plaintext of the hash cipher.

Perhaps out of ignorance, Catch of the day did not point out that hackers had been able to crack simple passwords years ago, and that their password-cracking techniques would only get better. Every time a password leak event is made, the hacker can have a deeper understanding of the hashing algorithm's computational process. Given that more than three years have elapsed since the hacking attack, hackers may have successfully read the plaintext of the stolen passwords.

"It's absurd that they notify users of data leaks over a three-year interval," he said. In the past three or four years, if these users are still using the same password, there may be a larger problem. ”