It has been relatively quiet on the IT hacking front for the past month since LinkedIn and eHarmony were hacked and some 8 million user passwords taken. But things hotted up this past week, with several major hacks targeted at the social media site Formspring, search company Yahoo, and just announced today, hardware maker Nvidia.

On Monday, hackers posted password information on 420,000 Formspring accounts online, prompting the company to reset the passwords for all 28 million users on Wednesday as a precaution. A story at the San Francisco Chronicle quotes the following from Formspring founder Ade Olonoh’s blog: “We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database.”

The Formspring passwords taken were encrypted, and the company “salts” its password files, making it more difficult for them to be decrypted than in the LinkedIn and eHarmony cases. A story in Secure Computing magazine says that Formspring has taken additional steps to increase the strength of the password encryption technique it uses.

Then yesterday came word that Yahoo had been hacked and that password information on some 453,000 accounts had been posted online. The information was taken from the Yahoo Contributor Network, an Internet publishing company Yahoo had acquired in 2010, says a story at the Chicago Tribune.

This time, the password information stolen was unencrypted, which is surprising for a company that really should know better. Yahoo tried to play down the breach by saying the file stolen was old and that less than 5% of the Yahoo accounts taken were still active. However, the password information taken also included “106,000 Gmail e-mail addresses, 55,000 Hotmail e-mail addresses and 25,000 AOL e-mail addresses,” according to the New York Times. The Tribune story also notes that accounts from Comcast Corp, Verizon Communications, and AT&T were exposed as well. It is unclear how many of those accounts are still active, but most of the companies have already stated that they have reset the passwords of the affected accounts.

The hackers who broke into Yahoo stated they did it as a “wake-up call” to show how poor Yahoo’s security was. As numerous stories have also pointed out, the hack illustrated (again) how account holders too often use lame passwords.

Finally, there is word filtering out this morning that Nvidia’s developer forums were also hacked last week and the password information for an unknown number of accounts was taken. Nvidia has closed down the forums while an investigation is taking place. While the password information was encrypted and salted, Nvidia is telling users, “As a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere.”

They should probably have added, “And while you’re at it, ensure that none of your passwords for any of the sites you are registered for are identical.” That is your biggest risk.
