![]() Only half the accounts get the "good" algorithm but here's the rub: the bcrypt accounts include the salt whilst the SHA1 accounts don't. It's a relatively even distribution of the two which appears to represent a transition from the weaker SHA variant to bcrypt's adaptive workload approach at some point in time. What we've got here is two files with email address and bcrypt hashes then another two with email addresses and SHA1 hashes. Very shortly after, a supporter of Have I been pwned (HIBP) sent over the data which once unzipped, looked like this: Not just a little bit hacked and not in that "someone has cobbled together a list of credentials that work on Dropbox" hacked either, but proper hacked to the tune of 68 million records. Earlier today, Motherboard reported on what had been rumoured for some time, namely that Dropbox had been hacked. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |