» Topic:  Passwords on the loose

» Added by:  Mikko

» Date:  14.10.2007

  An unknown group has caused quite a hassle by publicly posting information about tens of thousands of user accounts.

A 4.5MB textfile (passlist.txt) was uploaded to a Finnish website earlier today. The file contains usernames, email addresses, passwords and uncracked password hashes of almost 79,000 user accounts. These account are mostly from different Finnish web forums.

It's quite trivial to find the correct password based on the password hash, assuming the password is "easy" and can be found from a password dictionary. The passlist.txt file claims that the hack has been done by two Swedish hackers but this has already been disputed.

The case bares some resemblance to an incident six weeks ago, where Swedish hacker Dan Egerstad published hundred passwords to different embassies and government organisations. However, in that case the information was stolen by Mr. Egerstad by running rogue TOR exit node servers.

In today's case, the information has been stolen by unknown parties - most likely by hacking the servers of several Finnish web forums: that's pretty much the only way to gain access to the password hashes.

More discussion (in Finnish) via Muropaketti.

Source : http://www.f-secure.com/