>> In July 2012, nearly 443,000 email addresses and passwords for a Yahoo site were exposed.
Yahoo stored its contributor network user names and passwords in plain text.
Because people reuse passwords on many different sites,
these compromised plain text passwords attached to an email address
in the breach were now at risk in many locations.
This included really strong passwords, like a 31-character password, that was in the dump.
In September 2016, Yahoo announced a breach of 500 million users.
In December 2016, Yahoo announced that hackers stole details from over a billion user accounts,
including names, addresses, phone numbers,
and weakly hashed passwords, in attacks that started in 2013.
This is, in fact, the largest data breach currently on record.
In this case, Yahoo was slammed for using the MD5 hash function
which had been broken two decades earlier.
6.5 million LinkedIn password hashes were leaked in June 2012. LinkedIn also used
an insecure hash function, SHA-1, which is a step up from MD5, but LinkedIn failed to use salt,
which made the use of SHA-1 a moot point since rainbow tables were able
to derive the plain text passwords.
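
The effect of the missing salt, as an added example that is not part of the original lecture: a table of hashes computed once matches every unsalted SHA-1 entry, while a per-user random salt makes the same table useless, and a slow salted KDF is shown as the storage form to prefer. The candidate list, the function names and the plain dictionary standing in for a rainbow table are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate list standing in for a
# precomputed table (a real rainbow table is a time-memory trade-off;
# a dict is the simplest equivalent for showing the effect of salt).
CANDIDATES = ["123456", "password", "linkedin", "letmein", "qwerty"]

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def build_lookup(candidates):
    """Computed once, reusable against any unsalted SHA-1 dump."""
    return {sha1_hex(p.encode()): p for p in candidates}

def store_unsalted(password: str) -> str:
    """Weak storage: same password always yields the same hash."""
    return sha1_hex(password.encode())

def store_salted(password: str, salt: bytes = None):
    """Per-user random salt: same password yields different hashes."""
    salt = salt or os.urandom(16)
    return salt, sha1_hex(salt + password.encode())

def store_pbkdf2(password: str, salt: bytes = None, iterations: int = 600_000):
    """Preferred storage: salted and deliberately slow key derivation."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def verify_pbkdf2(password: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def recovered(lookup, stored_hashes):
    """Passwords a precomputed table reveals from a list of stored hashes."""
    return [lookup[h] for h in stored_hashes if h in lookup]

if __name__ == "__main__":
    users = ["linkedin", "linkedin", "qwerty"]  # constructed sample accounts
    table = build_lookup(CANDIDATES)
    print("unsalted:", recovered(table, [store_unsalted(p) for p in users]))
    print("salted:  ", recovered(table, [store_salted(p)[1] for p in users]))
```
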
Reposted from: https://www.cnblogs.com/sec875/articles/10015935.html