Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Another month another password disclosure breach - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Another month another password disclosure breach

Adobe has revealed that apparently a password database from was compromised via a SQL injection attack.[1]   Ars Technica reports that the passwords were hashed using MD5 (not clear whether they were salted or not).[2]  Do we really need to remind you what constitutes a strong password and not to reuse them?

Some previous password diaries that might be of interest:

Potential leak of 6.5+ million LinkedIn password hashes

Critical Control 11: Account Monitoring and Control

Theoretical and Practical Password Entropy

An Impromptu Lesson on Passwords

Password Rules: Change them every 25 years (or when you know the target has been compromised)




Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS DFIR Summit & Training 2022


423 Posts
ISC Handler
Nov 15th 2012
That might well explain the large number of messages claiming to be from LinkedIn which have evil attachments/links.

63 Posts
Looks like they weren't salted. What year is this again? FAIL!

1 Posts
If a month goes by without a password dump being posted online, THEN it'll be news.
No Love.

37 Posts

Sign Up for Free or Log In to start participating in the conversation!