#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

password hashes | Breaking Cybersecurity News | The Hacker News

Category — password hashes
Taringa: Over 28 Million Users' Data Exposed in Massive Data Breach

Taringa: Over 28 Million Users' Data Exposed in Massive Data Breach

Sep 04, 2017
Exclusive — If you have an account on Taringa , also known as "The Latin American Reddit," your account details may have compromised in a massive data breach that leaked login details of almost all of its over 28 million users. Taringa is a popluar social network geared toward Latin American users, who create and share thousands of posts every day on general interest topics like life hacks, tutorials, recipes, reviews, and art. The Hacker News has been informed by LeakBase , a breach notification service, who has obtained a copy of the hacked database containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords for Taringa users. The hashed passwords use an ageing algorithm called MD5 – which has been considered outdated even before 2012 – that can easily be cracked, making Taringa users open to hackers. Wanna know how weak is MD5?, LeakBase team has already cracked 93.79 percent (nearly 27 Million) of hashed passwords s...
DailyMotion Hacked — 85 Million User Accounts Stolen

DailyMotion Hacked — 85 Million User Accounts Stolen

Dec 06, 2016
Another day, another data breach. This time a popular video sharing platform DailyMotion has allegedly been hacked and tens of millions of users information have been stolen. Breach notification service LeakedSource announced the data breach on Monday after the company obtained 85.2 Million records from Dailymotion. According to LeakedSource, the DailyMotion data breach appears to have taken place on October 20, 2016, which means it is possible that hackers have been circulating the data for over a month. The stolen data consists of 85.2 Million unique email addresses and usernames and around 20 percent of the accounts (more than 18 Million users) had hashed passwords tied to them. The passwords were protected using the Bcrypt hashing algorithm with ten rounds of rekeying, making it difficult for hackers to obtain user's actual password. Bcrypt is a cryptographic algorithm that makes the hashing process so slow that it would literally take centuries to actual brute-...
Beyond Compliance: The Advantage of Year-Round Network Pen Testing

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

Nov 18, 2024Penetration Testing / Network Security
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here's the thing: hackers don't wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%), according to the Kaseya Cybersecurity Survey Report 2024 . Compliance-focused testing can catch vulnerabilities that exist at the exact time of testing, but it's not enough to stay ahead of attackers in a meaningful way. Why More Frequent Testing Makes Sense When companies test more often, they're not just checking a box for compliance—they're actually protecting their networks. The Kaseya survey also points out that the top drivers for network penetration testing are: Cybersecurity Control and Validation (34%) – ensuring the security controls work and vulnerabilities are minimized. Re...
Cryptography Hacks - Hash Encryption using DuckDuckGo Search Engine

Cryptography Hacks - Hash Encryption using DuckDuckGo Search Engine

Jan 30, 2014
Over the past several months, it has become clear that the Internet and our Privacy have been fundamentally compromised. A Private search engine DuckDuckGo claims that when you click on one of their search results, they do not send personally identifiable information along with your request to the third party. Like Google dorks (advance search patterns), there are thousands of similar, but technically more useful search hacks are also available in DuckDuckGo called DuckDuckGoodies . Today I am going to share about Handy " Cryptography " using DuckDuckGo search engine . Whether you are a Hacker, Cracker or a Researcher, you need to face a number of hash strings in your day to day life. Hashing is a one way encryption of a plain text or a file, generally used to secure passwords or to check the integrity of the file. There is a certain set of hashing algorithms, e.g.md5, sha1, sha-512 etc. A hash function generates the exact output if executed n numbe...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Github accounts compromised in massive Brute-Force attack using 40,000 IP addresses

Github accounts compromised in massive Brute-Force attack using 40,000 IP addresses

Nov 21, 2013
Popular source code repository service GitHub has recently been hit by a massive Password Brute-Force attack that successfully compromised some accounts,  GitHub has urged users to set up two-factor authentication for their accounts and has already reset passwords for compromised accounts. " We sent an email to users with compromised accounts letting them know what to do ," " Their passwords have been reset and personal access tokens, OAuth authorizations, and SSH keys have all been revoked. "  However, GitHub uses the  bcrypt  algorithm to hash the passwords , which is extremely resilient against brute force attacks because it takes an inordinate amount of time to encrypt each password. In a blog post , GitHub engineer Shawn Davenport said that a brute force attack from around 40,000 IP addresses revealed some commonly used passwords . These addresses were used to slowly brute force weak passwords. In addition to normal strength re...
Official Debian and Python Wiki Servers Compromised

Official Debian and Python Wiki Servers Compromised

Jan 09, 2013
Administration from Debian and Python project official websites confirmed that their WIKI servers were compromised by some unknown hackers recently. Hackers was able to hack because of several vulnerabilities in " moin " package. According to  Brian Curtin at Python Project , Hacker user some unknown remote code exploit on Python Wiki server (https://wiki.python.org/) and was able to get shell access. The shell was restricted to "moin" user permissions, where but no other services were affected. Attacker deleted all files owned by the "moin" user, including all instance data for both the Python and Jython wikis. Python Software Foundation encourages all wiki users to change their password on other sites if the same one is in use elsewhere. For now, Python Wiki is down and team is investigating more about breach. Where as in Debian Wiki (https://wiki.debian.org/) security breach, user use some known vulnerabilities Directory traversal...
Expert Insights / Articles Videos
Cybersecurity Resources