Lessons from the Hookers.nl breach: cracking 57% of the passwords in three days

Dutch website Hookers.nl — used by prostitutes, escorts and their customers — has been hacked. The site’s user database was stolen and is actively being traded in the underground, where it is sold for about 2 Euros. The dump contains data of — among others — employees of Dutch governmental institutions like the department of defense, foreign affairs and law enforcement. Since the data is now within virtually anyone’s reach, we expect blackmail scams targeting users soon.

Hookers.nl publicly stated that passwords were not stolen. Strictly speaking this is true: the database does not contain plaintext passwords but hashed passwords. Scattered Secrets was able to crack 57% of the password hashes in three days. This is our story.

2024-07-25T14:36:27+00:00 | October 31, 2019 | Article, English, Dutch

How to crack billions of passwords?

All kinds of online services get hacked. This includes services that you might be using. Scattered Secrets is a password breach notification and prevention service. We continuously collect publicly available hacked databases and try to crack the corresponding passwords. Verified account owners can access their own information and take appropriate action to keep their accounts safe and prevent account takeovers. At the time of writing, our database includes nearly four billion — yes, that is with a B — plaintext passwords. Users occasionally ask us how we can crack passwords on such a large scale. To answer this, first we need to look at the basics.

2024-02-17T11:04:28+00:00 | September 19, 2019 | Article, English, Dutch

Gain more insight and create doomsday scenarios for better threat modeling

In previous blogs you could already read about what threat modeling is, and about the 4 steps. In practice, however, threat modeling is more than just a technical analysis of your application. The threat landscape is constantly evolving, and so is your organisation. Therefore, you need to understand the technical and business context, and create doomsday scenarios.

As a result, you gain broader insight into the threats to your application.

2024-09-30T09:26:05+00:00 | February 8, 2018 | Article, English, Dutch