Lessons from the Hookers.nl breach: cracking 57% of the passwords in three days

Dutch website Hookers.nl — used by prostitutes, escorts and their customers — had been hacked. The site’s user database was stolen and is actively being traded in the underground, and sold for about 2 Euros. The dump contains data of — among others — employees of Dutch governmental intuitions like the department of defense, foreign affairs and law enforcement. Since data is now within virtually anyone’s reach, we expect scams to blackmail users soon.

Hookers.nl publicly stated that passwords were not stolen. Strictly speaking this is true: the database does not contain plain text passwords but hashed passwords. Scattered Secrets was able to crack 57% of the password hashes in three days. This is our story.

Door |2024-07-25T14:36:27+00:00oktober 31, 2019|Article, Artikel, Engels, Nederlands|Reacties uitgeschakeld voor Lessons from the Hookers.nl breach: cracking 57% of the passwords in three days

How to crack billions of passwords?

All kinds of online services get hacked. This includes services that you might be using. Scattered Secrets is a password breach notification and prevention service. We continuously collect publicly available hacked databases and try to crack the corresponding passwords. Verified account owners can access their own information and take appropriate action to keep their accounts safe and prevent against account takeovers. At the time of writing, our database includes nearly four billion — yes, that is with a B — plaintext passwords. Users occasionally ask us how we can crack passwords on such a large scale. To answer this, first we need to look at the basics.

Door |2024-02-17T11:04:28+00:00september 19, 2019|Article, Artikel, Engels, Nederlands|Reacties uitgeschakeld voor How to crack billions of passwords?

Modlishka, de ongewenste proxy!

Terwijl bijna iedereen op 2 januari aan het bijkomen was van oud en nieuw, publiceerde Piotr Dsuzynski een nieuwe tool genaamd Modlishka. Modlishka is een reverse proxy die het mogelijk maakt zonder grote inspanning een zogeheten man-in-the-middle aanval uit te voeren.

Door |2024-02-17T12:16:54+00:00januari 24, 2019|Nederlands, Video|Reacties uitgeschakeld voor Modlishka, de ongewenste proxy!
Ga naar de bovenkant