
> they didn't keep hashes, so they could go off and use all the various algos (SHA, MD5, etc.) then see where else those users were members (by looking for password if they were dumb enough). I wonder how often that happens in the corporate world

https://en.wikipedia.org/wiki/Credential_stuffing

Indeed, it's a major problem.




Oh yeah, I know the re-use is common; I more meant the technique of purposefully not hashing or disabling hashing to compare hashes across services and connect users.



