BreachExchange mailing list archives
Re: [Dataloss] Fwd: Important information about a security breach at Ravelry.com (fwd)
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 7 Jun 2011 17:11:46 -0400
On Mon, Jun 6, 2011 at 10:51 PM, security curmudgeon <jericho () attrition org> wrote:
---------- Forwarded message ---------- From: "Ravelry" <contact-us () ravelry com> Date: Jun 6, 2011 2:41 AM Subject: Important information about a security breach at Ravelry.com To: [image: Ravelry] <http://www.ravelry.com> (Wondering if this email is real? You can also see a similar notice by logging in to Ravelry.com) *Important Information about a Ravelry Security Breach* Dear Ravelry member, An attacker recently managed to break in to one of Ravelry's secondary servers. Once inside, they were able to access user names, *encrypted*passwords, and possibly email addresses. Your passwords could not be seen and no financial or other sensitive information was accessed as we do not collect or store this type of data.
Begs the question: how were the passwords encrypted? MD5? With or without a salt? (I don't consider MD5 encryption, but its often used in circumstances like these).
[SNIP]
_______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Fwd: Important information about a security breach at Ravelry.com (fwd) security curmudgeon (Jun 07)
- Re: [Dataloss] Fwd: Important information about a security breach at Ravelry.com (fwd) Jeffrey Walton (Jun 08)