ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    99 Million Brute Force Attemps on Alibaba Yields 21 Million Accounts

    News
    alibaba security the register
    7
    14
    1611
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmiller
      scottalanmiller last edited by

      Alibaba says its systems were not breached and adds that it has reminded users not to reuse passwords.

      Supposedly only accounts were breached, no Alibaba itself.

      1 Reply Last reply Reply Quote 1
      • Reid Cooper
        Reid Cooper last edited by

        Seems like they should have noticed that degree of attack traffic, but reading how it happened it doesn't seem as bad as it sounds. It was 21 million individuals having common username/password combinations and it was their individual accounts being compromised, so the 99 million hits would have only been so noticeable in the general volume of traffic.

        The number only seems extreme given the lack of knowledge as to how large their normal traffic is.

        1 Reply Last reply Reply Quote 3
        • Dashrender
          Dashrender last edited by

          Isn't this the same thing that happened to Apple a few years ago?

          scottalanmiller 1 Reply Last reply Reply Quote 1
          • scottalanmiller
            scottalanmiller @Dashrender last edited by

            @Dashrender said:

            Isn't this the same thing that happened to Apple a few years ago?

            Yes, very similar.

            1 Reply Last reply Reply Quote 0
            • dafyre
              dafyre last edited by

              By slowly attacking the system, trying to keep their brute force attempts under the radar, at just 1,000 logins per hour, It'd take them a little less than 2 weeks to process 99 million logins like that. You have to figure out whether or not they have any brute forcing detection built in, and then what the thresholds are... That's not an unimaginably long time for hackers to poke and prod.

              What is scary is the ~20% success ratio.

              scottalanmiller 1 Reply Last reply Reply Quote 2
              • scottalanmiller
                scottalanmiller @dafyre last edited by

                @dafyre said:

                What is scary is the ~20% success ratio.

                Alibaba does not target the most technological demographics.

                Dashrender 1 Reply Last reply Reply Quote 1
                • Dashrender
                  Dashrender @scottalanmiller last edited by

                  @scottalanmiller said:

                  @dafyre said:

                  What is scary is the ~20% success ratio.

                  Alibaba does not target the most technological demographics.

                  And Apple does?

                  scottalanmiller 1 Reply Last reply Reply Quote 1
                  • scottalanmiller
                    scottalanmiller @Dashrender last edited by

                    @Dashrender said:

                    @scottalanmiller said:

                    @dafyre said:

                    What is scary is the ~20% success ratio.

                    Alibaba does not target the most technological demographics.

                    And Apple does?

                    Far moreso. Alibaba targets only shoppers willing to use a horrible website (ever looked at it?) and can't access Amazon. So think about that target demographic.

                    Dashrender 1 Reply Last reply Reply Quote 1
                    • Dashrender
                      Dashrender @scottalanmiller last edited by

                      @scottalanmiller said:

                      @Dashrender said:

                      @scottalanmiller said:

                      @dafyre said:

                      What is scary is the ~20% success ratio.

                      Alibaba does not target the most technological demographics.

                      And Apple does?

                      Far moreso. Alibaba targets only shoppers willing to use a horrible website (ever looked at it?) and can't access Amazon. So think about that target demographic.

                      Yes I have, I've purchased magnets from there before.

                      1 Reply Last reply Reply Quote 0
                      • StrongBad
                        StrongBad last edited by

                        Seems like maybe they should have noticed, but does not seem like the breach or issue was really all that big.

                        Lots of fake reviews, probably not the biggest deal.

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post