MusicBrainz data dump serves as a warning for password reuse: Trend Micro

Security vendor weighs in on the recent data dump and the importance of different passwords

MusicBrainz, the popular open content music database, disclosed at the end of March that a database dump had taken place and user information had been downloaded.

One of these dumps contained password hashes for a large portion of MusicBrainz accounts, and the site responded by deleting it and replacing it with correctly sanitised database dumps.

While the site admits to having no idea where the data is now located, it is asking all users to change their passwords.

MusicBrainz has attempted to downplay the incident by saying that the password hashes are neither useful nor widely distributed, and that the data should not allow attackers to retrieve user passwords.

Without seeing the stolen data in question, Trend Micro A/NZ strategic products senior manager, Adam Biviano, said it is difficult to ascertain whether user passwords are at risk, as it is dependent on the hash algorithm that was used.

“We saw in the recent breach of one of the ABC’s websites that the hashing algorithm allowed an attacker to quite easily discover many of the passwords,” he said.

“Even with a strong hashing algorithm, simple passwords like common words are easy to discover by using a brute force dictionary attack against the hash contents.”

In response to the situation, MusicBrainz said it will adjust its database dumping scripts to be specific about which data to export in order to avoid future leaks of private data.

Biviano said the data dump incident is not limited just to MusicBrainz, adding that “these attacks are more common than [he] would like to see.”

“The ABC fell victim to this problem just recently, and I’m never surprised when I hear of these incidents as it seems to be quite commonplace these days,” he said.

Password protection

As for whether there is anything a user can do to protect themselves from these types of incidents, Biviano said it is mainly up to the site’s administrator or owner to provide protection.

However, individuals are able to take certain steps to minimise the impact to themselves.

“If they reuse the same username and password combination for many different websites, then if their password is discovered for one then an attacker may be able to take over many online services that the individual may have access to,” he said.

“If they use a complex password that is not a common word or has a mixture of letters and numbers, then if a hashed version is released to the public, the odds of it being cracked are a lot less.”

If a user discovers through an email from a site administrator that their password may have been compromised, Biviano said they should think about where else they have used that password and change it too.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.
