Thingiverse data leak

very week seems to bring another set of high-profile data leaks, and this time it’s the turn of a service that should be of concern to many in our community. A database backup from the popular 3D model sharing website Thingiverse has leaked online, containing 228,000 email addresses, full names, addresses, and passwords stored as unsalted SHA-1 or bcrypt hashes.

The password for an account held by Matthew Healey is apparently « 123456. » As you can see on his Google+ profile page, he claims to have worked with one John Doe (or more likely multiple people) at BitPay who was responsible under contract for storing both accounts up until July 25, 2015. The blog post indicates they were compromised sometime between August 1st through 13th; we don’t know how long ago because each passcode will expire after 30 days if not used within these limits. Also note Hisay’s home address above refers out to St. Louis, MO–the city where Bitcoin could get involved without much consequence righ

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *