A group linked to a pro-Palestinian hacktivist movement has launched a catastrophic cyberattack revealing the details of 31 million people, compromising their email addresses and screen names.
An account on X under the name SN_BlackMeta claimed responsibility for the attack on The Internet Archive, a nonprofit organization, and implied that further attacks were planned. The Internet Archive is known for its digital library and the Wayback Machine. SN_BlackMeta has previously been linked to an attack against a Middle Eastern financial institution earlier this year, and a security firm has linked it to a pro-Palestinian hacktivist movement.
Encrypted passwords were also exposed and although these are relatively safe, users have been advised to change their passwords. And one expert has told Newsweek people should avoid browsing or using any files obtained from the site until it has declared an “all clear.”
Why the hell is anyone still storing actual passwords, even encrypted ones, in 2024? They should only be storing hashes and a salt that’s only retrievable on the backend.
Edit: I stand corrected. Newsweek is just doing its usual shit job of reporting. They should know better than calling hashed passwords “encrypted” passwords.
They aren’t; Newsweek is calling it encryption because they’re writing for normies. The leaked data includes bcrypt’ed passwords, so hash and per-password salt. Their choice of hashing function is not what you want to criticise the IA for.
Downvoted for “normies” because it appears to be any person whose specialized knowledge set does not include cryptography.
Everyone’s a normie in some field. “Normie” is context-dependent in all cases.
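The "hash and per-password salt" point in the bcrypt comment above is visible in the stored string itself, which carries the variant, the cost factor and the salt next to the digest. The following is an added example, not code from this thread or from the Internet Archive; the rows, the `min_cost` threshold and the function names are assumptions made for illustration.

```python
import re

# bcrypt uses its own base64 alphabet, ordered differently from RFC 4648.
B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
# $<variant>$<cost>$<22-char salt><31-char digest>
FORMAT = re.compile(r"\$(2[abxy]?)\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


def decode_salt(field):
    """Return the 16 raw salt bytes carried in the 22-character salt field."""
    bits = 0
    for ch in field:
        bits = (bits << 6) | B64.index(ch)
    return (bits >> 4).to_bytes(16, "big")  # 132 bits read, low 4 are padding


def parse(stored):
    """Split a stored bcrypt string into variant, cost, salt and digest."""
    m = FORMAT.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    variant, cost, salt, digest = m.groups()
    return {"variant": variant, "cost": int(cost),
            "salt": decode_salt(salt), "digest": digest}


def audit(rows, min_cost=12):
    """Report users whose hash has a low cost factor or a salt seen before."""
    findings, seen = [], {}
    for user, stored in rows:
        rec = parse(stored)
        if rec["cost"] < min_cost:  # min_cost is an assumed policy value
            findings.append((user, "cost %d below %d" % (rec["cost"], min_cost)))
        if rec["salt"] in seen:
            findings.append((user, "salt shared with " + seen[rec["salt"]]))
        seen.setdefault(rec["salt"], user)
    return findings


# Constructed rows: the digest fields are filler, not real bcrypt output.
ROWS = [
    ("alice", "$2b$12$" + "." * 22 + "A" * 31),
    ("bob", "$2b$12$" + "9" * 21 + "u" + "B" * 31),
    ("carol", "$2a$08$" + "." * 22 + "C" * 31),
]

if __name__ == "__main__":
    for finding in audit(ROWS):
        print(finding)
```

Because the salt and cost are stored in the clear beside each digest, a leak of these strings exposes them too; what slows offline guessing is the cost factor and the fact that each salt forces a separate computation per account.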