In 2009 a hacker broke into a website with millions of users and downloaded the entire user database. What that hacker did with the data has changed the way we view account security even today.
Download the RockYou password list here: https://wiki.skullsecurity.org/Passwords
Check out https://haveibeenpwned.com to see if your email has been in a breach.
Sponsor
This episode was sponsored by CuriosityStream, a streaming service showing non-fiction and documentaries. Visit curiositystream.com/darknet and use promo code “darknet”.
This episode was sponsored by CMD. Securing Linux systems is hard; let CMD help you with that. Visit https://cmd.com/dark to get a free demo.
Sources/Links
- https://web.archive.org/web/20091221072933/http://igigi.baywords.com/
- https://archive.nytimes.com/www.nytimes.com/external/readwriteweb/2009/12/16/16readwriteweb-rockyou-hacker-30-of-sites-store-plain-text-13200.html
- https://www.helpnetsecurity.com/2009/12/14/serious-sql-flaw-could-have-compromised-millions-of-rockyoucom-users/
- https://reusablesec.blogspot.com/2009/12/rockyou-hacked-32-million-yes-thats.html
- https://www.ghacks.net/2010/01/21/rockyou-hacked-some-30-million-passwords-in-the-wild-security/
- https://pitchbook.com/profiles/company/42938-47
- https://twitter.com/madciapka/statuses/6677880922
- http://phrack.org/issues/54/8.html
- https://techcrunch.com/2009/12/14/rockyou-hacked/?_ga=2.151128761.1489769744.1550529903-1137284936.1550529903
- https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/
- https://techcrunch.com/2010/10/15/rockyou-rocked-by-layoffs-as-it-switches-focus-to-social-games/
- https://web.archive.org/web/20150920100559/https://www.huntonprivacyblog.com/2011/04/22/court-finds-allegations-of-harm-sufficient-to-allow-breach-related-class-action-suit-to-proceed/
- https://www.darkreading.com/risk/rockyou-lawsuit-settlement-leaves-question-marks-on-breach-liability/d/d-id/1136710
- https://haveibeenpwned.com/
- https://www.nytimes.com/2010/01/21/technology/21password.html
- https://www.pacermonitor.com/public/case/27094541/RockYou,_Inc
- https://www.huffpost.com/entry/andrew-patricia-murray_n_1912436
Attribution
Theme music created by Breakmaster Cylinder. The theme song is available to listen to and download on Bandcamp, or you can listen to it on Spotify.
Additional music by Epidemic Sound.
Transcript
[FULL TRANSCRIPT]
JACK: Let’s start out with tell us your name and what do you do.
TROY: My name is Troy Hunt. I am an Australian security researcher, I guess. That term seems to be used a lot. I run the data breach notification service Have I Been Pwned? I write some online training for people, and speak at events.