The Tech Herald breach exposed more than 100,000 accounts

by Steve Ragan - Apr 29 2011, 12:15 breach exposed more than 100,000 accounts.(IMG:J.Anerson)

Over a period of four hours on Wednesday, an automated SQL Injection attack leeched plain text passwords and email addresses from The attack created a good deal of noise, causing connection issues and brief outages, but by the time it was discovered, nearly 8-percent of the database had been ransacked.

According to the disclosure by, the attack was similar to the one experienced recently by Specifically they were hit by a bot-driven Blind SQL Injection attack. While has measures in place to enforce limits for a single IP address, these limits were circumvented by the attacking botnet.

In a message to users, Justin Beech, the site’s founder, said that the email and plain text password pairs harvested during the attack “…cover the entire 10 year history of the membership but sprinkled randomly. Some are very old accounts, some are new accounts, some inactive or deleted.”

“I identified the newest accounts, those that were obtained and have logged in over the last 12 months, and have alerted those by email. This amounts to some 9000 accounts… Older inactive accounts involved are also being notified by email now, although the older the account, the less likely the email is still current, or the password they used is still useful,” Beech added.

Over the last ten years, there have been more than 1.6 million accounts registered on Using the 8-percent listed by Beech as a base, this equals more than 135,000 accounts compromised. If you go by the listed “current login count” (~1.2 million), then the exposure is slightly less, at more than 101,000.

“If you are in the habit of sharing the same password among many sites…you should secure your access to those sites by changing your password immediately. Your first priority would be your email account if the password was shared with it,” Beech warned.

“Obviously having both an [SQL] attack hole (now closed) and plain text passwords is a big black eye, and I'll be addressing these problems as fast, but as carefully, as I can. My apology for any stress this causes.”

As mentioned, password sharing is a risky proposition. It happens all the time, and incidents like this are why the practice should be avoided. If you are looking for a list of passwords that are known to be easily cracked by criminals, look here.

There has been some flack given to Beech over his method of storing passwords. Given the age of the site, it is likely that the password system is a legacy system. Updates to it would have required large investments in hardware and development. These investments are costly, and it is possible simply did not have the funds or development team in place to take on the project. They have little choice in the matter now.

To play things safe, if you have a account, even if you did not get a warning letter, change your password. While you’re at it, today is a great day to select new passwords for other important accounts, such as email, social, and financial.

Comment on this Story

comments powered by Disqus


Average Guys With Average Cars. #average

Great new video from up-and-coming clothing brand the Average Squad. The short was posted by...

This Man Was Too Poor To Buy A Car. How He Treats Them Now Is So Touching

This is one of the most touching videos about cars in a long time. It tells the story of a m...

Lucky Escape from Out of Control Truck

This man had a lucky escape on a New Jersey Turnpike when he had to stop on the road du...

Concept Car Videos from Detroit Auto Show

As at every big car show manufacturers at the Detroit Auto Show 2015 were keen to give us th...

Concept Car Pictures from Detroit Auto Show

Well we still had a few pics from the in Detroit Auto Show to put up. These are some of...