Chinese Developer Forum Leaks 6 Million User Credentials

gzipped_tar writes "The 'Chinese Software Developer Network' (CSDN), operated by Bailian Midami Digital Technology Co., Ltd., is one of the largest networks of software developers in China. A text file with 6 million CSDN user credentials including user names, passwords, emails, all in clear text, got leaked to the Internet. The CSDN has issued a letter of apology to its users. In the letter, it is explained that passwords created before April 2009 had been stored in plain text, while later passwords were encrypted. Users created between September 2010 and January 2011 may still suffer from email address leaks. A summary of the most frequent passwords without the corresponding usernames is available at GitHub. Somewhat surprisingly, the cryptic-sounding password 'dearbook' ranks 4th with 46053 accounts using it."
This discussion has been archived. No new comments can be posted.

  • Re:'dearbook'? (Score:5, Informative)

    by Anonymous Coward on Thursday December 22, 2011 @12:14PM (#38460216)

    dearbook.com.cn is a Chinese online technical book retailer owned by CSDN.

  • Re:Before April 2009 (Score:5, Informative)

    by OverlordQ ( 264228 ) on Thursday December 22, 2011 @12:19PM (#38460286) Journal

    So you have to check in your code if an account has been created before and after 04/2009, and do different actions to check their credentials upon that? Yuuuck.

    MediaWiki is (re: was) like that. When it changes password schemes, it detects which version the pw is stored in, authenticates using that (older) method and then upgrades you to the new format.
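
The upgrade-on-login pattern described in the comment above, as an added example that is not part of the original thread and is not MediaWiki's code. The `scheme$...` record format, the function names, the work factor and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example

def _pbkdf2(password: str, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def make_record(password: str) -> str:
    """Current format: pbkdf2$<iterations>$<salt hex>$<hash hex>."""
    salt = os.urandom(16)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${_pbkdf2(password, salt, ITERATIONS)}"

def _matches(stored: str, password: str) -> bool:
    scheme, _, rest = stored.partition("$")
    if scheme == "pbkdf2":
        iters, salt_hex, digest = rest.split("$")
        candidate = _pbkdf2(password, bytes.fromhex(salt_hex), int(iters))
    elif scheme == "md5":      # legacy: unsalted MD5 hex
        candidate, digest = hashlib.md5(password.encode()).hexdigest(), rest
    elif scheme == "plain":    # legacy: clear text, like the pre-April-2009 rows
        candidate, digest = password, rest
    else:
        return False           # unknown scheme: fail closed
    # Constant-time comparison regardless of scheme.
    return hmac.compare_digest(candidate.encode(), digest.encode())

def login(db: dict, user: str, password: str) -> bool:
    """Verify with whatever scheme the row uses; rewrite legacy rows on success."""
    stored = db.get(user)
    if stored is None or not _matches(stored, password):
        return False
    if not stored.startswith(f"pbkdf2${ITERATIONS}$"):
        # Only a successful login gives us the clear text needed to re-hash.
        db[user] = make_record(password)
    return True

# Constructed sample rows, not data from the leak.
USERS = {
    "alice": "plain$correct horse",
    "bob": "md5$" + hashlib.md5(b"hunter2").hexdigest(),
}
```

Rows belonging to accounts that never log in again stay in the legacy format, so an upgrade-on-login scheme leaves them exposed until they are migrated or reset some other way.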

  • by cyfer2000 ( 548592 ) on Thursday December 22, 2011 @12:29PM (#38460396) Journal
    It's an online book store.
  • by jabbany ( 2425264 ) on Thursday December 22, 2011 @12:46PM (#38460572)

    It's sooooo easy to MD5 a password before doing anything with it. MD5 it in JavaScript and never bother collecting the clear text. Is it the most secure ever? Probably not. Is it a billion times better than cleartext and unbelievably easy? Yes.

    Actually, doing MD5 on a client side script is a severe no-no if it were the only form of authentication. A hacker could simply run a script running through all 16^32 possibilities of the MD5 hash instead of the almost infinite possibilities of the original password. Doing a client side MD5 actually weakens many passwords instead of strengthening them. You're left with something around an 18 character alpha-numeric-symbol password - no matter how long or difficult your original password was.
