In recent years, we have seen news on several hacks from groups and individuals claiming to be part of the Anonymous collective. Many of those hacks resulted in the leak of databases containing emails and passwords that were published on Pastebin and file sharing sites such as MediaFire and RapidShare. While some of the passwords extracted from the leaked databases may be hashed, i.e. with a one-way hash function such as MD5 or SHA1, they can be easily translated to cleartext passwords using tools that are freely available on the Internet such as JtR. Worse, many of the email/password combinations are being reused on other sites, and users of the hacked sites may not even be aware that their accounts on other sites have been compromised.
If you use a site that requires an email/password combination, we cannot stress enough the importance of keeping that combination unique to that site. There are many free and secure password manager applications that can help you keep track of your combinations. These applications can be used to generate strong passwords, and many support synchronizing your passwords between the devices you use to access your sites.
In order to demonstrate the danger of password reuse, we have created reusable.py, written in under 200 lines of Python code. The script checks whether the owner of each email/password combination uses it to log in to Twitter in addition to the site the combination was originally leaked from. For the complete list of accounts logged in successfully by reusable.py, see the list of Twitter followers for @reusable_py. This is the Twitter account that we have created for the purpose of this demonstration. This account also serves the purpose of alerting users who may have had their accounts compromised as a result of the published leaks. If you are already following @reusable_py without having explicitly followed the account, be sure to update all your online accounts, each with a strong and unique password.
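The same reuse check can be run from the defender's side: a site operator takes a published dump, matches its emails against their own user table, and verifies each leaked cleartext password against the site's own stored hash to find users who must be forced to reset. The example below is added here and is not reusable.py or any code from the original post; the dump contents, the user table and the PBKDF2-SHA256 storage scheme are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample of a leaked dump in "email:password" form, as seen on paste sites.
LEAKED_DUMP = """\
alice@example.com:Summer2012!
bob@example.com:letmein
carol@example.com:correcthorse
"""

def parse_dump(text):
    """Return {email: cleartext_password} from 'email:password' lines, skipping malformed ones."""
    creds = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        email, password = line.split(":", 1)  # passwords may themselves contain ':'
        creds[email.strip().lower()] = password
    return creds

def hash_password(password, salt=None, rounds=100_000):
    """Salted PBKDF2-SHA256; hypothetical storage scheme for the site doing the check."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest

def find_reused_credentials(site_users, leaked):
    """Flag accounts whose email is in the dump AND whose leaked password verifies
    against the site's stored hash: those users reused the leaked password here."""
    flagged = []
    for email, (salt, stored) in site_users.items():
        leaked_pw = leaked.get(email.lower())
        if leaked_pw is None:
            continue
        _, candidate = hash_password(leaked_pw, salt)
        if hmac.compare_digest(candidate, stored):  # constant-time comparison
            flagged.append(email)
    return sorted(flagged)

# Constructed user table: alice reused her leaked password, bob did not, dave is not in the dump.
SITE_USERS = {
    "alice@example.com": hash_password("Summer2012!"),
    "bob@example.com": hash_password("a-different-unique-password"),
    "dave@example.com": hash_password("unique-too"),
}

if __name__ == "__main__":
    for email in find_reused_credentials(SITE_USERS, parse_dump(LEAKED_DUMP)):
        print(f"force password reset: {email}")
```

Only alice is flagged: bob appears in the dump but his leaked password does not verify against the site's hash, so he did not reuse it, and carol has no account on the site at all.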