Hacker Puts 51 Million iMesh Accounts For Sale On Dark Web

An anonymous reader shares a ZDNet report: User accounts for iMesh, a now-defunct file sharing service, are for sale on the dark web. The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early-2000s, riding the waves of the aftermath of the "dotcom" boom. LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database. The group's analysis of the database shows it contains a little over 51 million accounts. The database, of which a portion was shared with ZDNet for verification, contains user information that dates back to late-2005 when the site launched, including email addresses, passwords (which were hashed and salted with MD5, an algorithm that nowadays is easy to crack), usernames, a user's location and IP address, registration date, and other information -- such as if the account is disabled, or if the account has inbox messages.

Re:Well

[Opportunist]

Could we close down the surveillance-infested other one instead?

Re:Horse hockey!

An "attack" means "faster than brute force".

For MD5, a video card from 2012 can brute force every possible 7 character password in a bit over an hour and every possible 8 character password in a bit over a year. If you limit it to likely passwords (letters and numbers) you can do 8 characters in 4 hours.

So yeah, any "truly strong" passwords are safe, for values of "truly strong" that were probably not well thought-out in 2005.