India-based web service giant Rediff (https://www.rediff.com/) has been compromised by a hacker using the handle @an0nw3bc0d3r. Rediff provides news and email services as well as mobile email services, but it is failing to secure its data or even properly encrypt its staff's and users' passwords.

> Rediff.com is a news, information, entertainment, and shopping portal. It was founded in 1996 as "Rediff On The NeT" and is headquartered in Mumbai, India with offices in New Delhi and New York City, USA. via wikipedia.org
According to Wikipedia, Rediff has over 95,000,000 users for its email system, and if this is true, the message at the end of the leak file is going to worry the hell out of the web administration. The leak has been posted to Pastebin after it was announced on Twitter a few hours ago.

> pastebin.com/GF3QsgG6 rediff emails accounts breached @ozdatacenta — an0nw3bc0d3r (@an0nw3bc0d3r) December 30, 2012
The leak carries a clear message: the staff reused passwords, and if this is not changed there will be more to come.
> Lessons:
> 1) Don't use the same password for multiple sites.
> 2) Choose a password that isn't simple, choose one that has lowercase, uppercase, symbols, and numbers.
> 3) For the web developer: Salt your users' passwords!
>
> There will be more to come, rediff members. Change your password now while you can!
The leaked data itself is 8 rediff.com email accounts with cleartext passwords and two rediffmail.com accounts, also with cleartext passwords. Source: pastebin