Modernizing Authentication — What It Takes to Transform Secure Access
Ars Technica's Dan Goodin reports that online dating service Zoosk.com is requiring some of its users to reset their passwords after a list of 29 million encrypted passwords was published online, some of which contained the word "zoosk."
Stricture Consulting Group expert Jeremi Gosney, Goodin reports, says he was able to crack more than 90 percent of the encrypted passwords and found that almost 3,000 of them seemed to be linked to Zoosk, including phases like "zooskmail," "myzooskpass" and "ilovezoosk."
In response, Zoosk issued the following statement to Ars Technica: "The company is conducting a thorough forensic analysis of the situation. So far, we have not found evidence of our network being compromised. Additionally we have not received reports of unauthorized access to members' accounts as a result of the information posted to this site. However, and out of an abundance of caution, we are notifying certain users by e-mail with instructions for changing their passwords."
Other words in the password dump, Goodin reports, include "apple," "linkedin," "hotmail" and "yahoo," indicating that passwords for other services are likely to be included as well.