Social Site for Teenagers Is Leaking Plain Text Passwords
A social site for teenagers is leaking information about its users, including passwords. In plain text. “Operators of i-Dressup didn’t respond to messages sent by Ars informing them that a hacker has already downloaded more than 2.2 million of the improperly stored account credentials. The hacker said it took him about three weeks to obtain the cache and that there’s nothing stopping him or others from downloading the entire database of slightly more than 5.5 million entries. The hacker said he acquired the e-mail addresses and passwords by using a SQL injection attack that exploited vulnerabilities in the i-Dressup website.” It’s 2016 and storing passwords in plain text is absolutely inexcusable.