Home page logo
/

isn logo Information Security News mailing list archives

Bitcoin-only poker site resets user credentials after 42, 000 passwords leak
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 20 Dec 2013 09:59:07 +0000 (UTC)

http://arstechnica.com/security/2013/12/bitcoin-only-poker-site-resets-user-credentials-after-42000-passwords-leak/

By Dan Goodin
Ars Technica
Dec 19 2013

An online poker service that deals solely in Bitcoin has issued a mandatory password reset one day after someone published login credentials for more than 42,000 enthusiasts of the card game and digital currency.

An advisory published Thursday by Seals with Clubs warns, "Our database containing user credentials was likely compromised." Left out is any mention of a list of 42,020 hashes posted to a user forum about 24 hours earlier. While the person posting didn't identify the source of the cryptographically salted SHA1 hashes, early rounds of cracking uncovered passwords such as "sealswithclubs", "88seals88", "bitcoin1000000", and "pokerseals". Password security experts almost immediately suspected that they belonged to Seals with Clubs users. Thursday's advisory from the site is probably the closest we'll get to a definite confirmation.

In Wednesday's post, which was made to a paid password recovery forum operated by commercial password cracking software developer InsidePro, the user StacyM attached a database of hashes and offered $20 in Bitcoins for every 1,000 unique hashes that were cracked. Nine minutes later, the first reply came in, claiming to have recovered the first 1,000. One day in, about two-thirds of the list has been cracked. It wouldn't be surprising to see that amount reach 80 percent or higher in the coming days.

On the Seals with Clubs site, operators described themselves this way:

[...]



--
Find the best InfoSec talent without breaking your
IT recruiting budget! Save 50 percent off our normal
rate by using the discount code - XMAS2013
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/


  By Date           By Thread  

Current thread:
  • Bitcoin-only poker site resets user credentials after 42, 000 passwords leak InfoSec News (Dec 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault