About 42,000 passwords leaked out from Bitcoin exclusive poker site

ByBTC Keychain

A virtual currency to be obtained by mining from a computer "Bitcoin (bit coin)"Is getting more popular day by day because payment fee is cheap and can be sent and received easily, and in ChinaRegulation of financial services using bit coinsIt has evolved into a situation to be done. Along with the popularity of bit coins, an online poker site dedicated to bit coins appeared, but as a result of using a vulnerable hash algorithm, passwords for about 42,000 users leaked out.

Manditory Password Reset | Seals with Clubs
https://sealswithclubs.eu/manditory-password-reset/

Bitcoin-only poker site resets user credentials after 42,000 passwords leak | Ars Technica
http://arstechnica.com/security/2013/12/bitcoin-only-poker-site-resets-user-credentials-after-42000-passwords-leak/

On December 18, 2013,InsidePro Password Recovery SoftwareA user named StacyM attached a list of hash data to the forum ofPost message. Approximately nine minutes after the post, another user succeeded in restoring 1000 pieces of passwords from the hash data, and the password was restored after that, about two-thirds of the password of the hash data list was restored in 24 hours I will.


The password restored from the data posted by StacyM was originally unknown source, but it is not possible for the online poker site such as "sealswithclubs" "88seals88" "bitcoin 1000000" "pokerseals"Seals with ClubsIt is found that the possibility of what is being used in is high. A security expert at Seals with Clubs, who noticed the seriousness of the incident, quickly verified that a password leakage of about 42,000 people was discovered.

Seals with Clubs admits that there was a password leak to the user on December 19, 2013 on the day after the leakage detection, "We need to change password at next login."


According to Ars Technica, the hash algorithm used by the security team at Seals with Clubs,SHA 1It was said that it was an algorithm that was too weak for password hash called. Since SHA1 can crack fairly quickly with minimal calculation, it seems that taboo is almost used for password.

Seals with Clubs used two authentication methods together for login to increase accuracyTwo factor authenticationAlthough it announces that it adopts it, it is pointed out that SHA1 should be changed to a tough algorithmic hash before anything else.