    99 Million Brute Force Attempts on Alibaba Yields 21 Million Accounts

      NattNatt

      Hah, is that it? 😉

        scottalanmiller

        They might want to think about outsourcing their security.

          NattNatt @scottalanmiller

          @scottalanmiller but they're the best in the world [/sarcasm]

            scottalanmiller

            Alibaba says its systems were not breached and adds that it has reminded users not to reuse passwords.

            Supposedly only accounts were breached, not Alibaba itself.

              Reid Cooper

              Seems like they should have noticed that degree of attack traffic, but reading how it happened it doesn't seem as bad as it sounds. It was 21 million individuals having common username/password combinations and it was their individual accounts being compromised, so the 99 million hits would have only been so noticeable in the general volume of traffic.

              The number only seems extreme given the lack of knowledge as to how large their normal traffic is.

                Dashrender

                Isn't this the same thing that happened to Apple a few years ago?

                  scottalanmiller @Dashrender

                  @Dashrender said:

                  Isn't this the same thing that happened to Apple a few years ago?

                  Yes, very similar.

                    dafyre

                    By slowly attacking the system, trying to keep their brute force attempts under the radar, at just 1,000 logins per hour, it'd take them a little less than 2 weeks to process 99 million logins like that. You have to figure out whether or not they have any brute forcing detection built in, and then what the thresholds are... That's not an unimaginably long time for hackers to poke and prod.

                    What is scary is the ~20% success ratio.

                      scottalanmiller @dafyre

                      @dafyre said:

                      What is scary is the ~20% success ratio.

                      Alibaba does not target the most technological demographics.

                        Dashrender @scottalanmiller

                        @scottalanmiller said:

                        @dafyre said:

                        What is scary is the ~20% success ratio.

                        Alibaba does not target the most technological demographics.

                        And Apple does?

                          scottalanmiller @Dashrender

                          @Dashrender said:

                          @scottalanmiller said:

                          @dafyre said:

                          What is scary is the ~20% success ratio.

                          Alibaba does not target the most technological demographics.

                          And Apple does?

                          Far more so. Alibaba targets only shoppers willing to use a horrible website (ever looked at it?) and can't access Amazon. So think about that target demographic.

                            Dashrender @scottalanmiller

                            @scottalanmiller said:

                            @Dashrender said:

                            @scottalanmiller said:

                            @dafyre said:

                            What is scary is the ~20% success ratio.

                            Alibaba does not target the most technological demographics.

                            And Apple does?

                            Far more so. Alibaba targets only shoppers willing to use a horrible website (ever looked at it?) and can't access Amazon. So think about that target demographic.

                            Yes I have, I've purchased magnets from there before.

                              StrongBad

                              Seems like maybe they should have noticed, but does not seem like the breach or issue was really all that big.

                              Lots of fake reviews, probably not the biggest deal.
