Lessons from the Hookers.nl breach: cracking 57% of the passwords in three days
Dutch website Hookers.nl — used by prostitutes, escorts and their customers — had been hacked. The site’s user database was stolen and is actively being traded in the underground, and sold for about 2 Euros. The dump contains data of — among others — employees of Dutch governmental intuitions like the department of defense, foreign affairs and law enforcement. Since data is now within virtually anyone’s reach, we expect scams to blackmail users soon.
Hookers.nl publicly stated that passwords were not stolen. Strictly speaking this is true: the database does not contain plain text passwords but hashed passwords. Scattered Secrets was able to crack 57% of the password hashes in three days. This is our story.