The world's largest document sharing site Scribd says it was hacked earlier this week and believes up to one percent of its 100 million users' passwords were compromised due to being stored with an outdated hashing algorithm.
"Earlier this week, Scribd's operations team discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users," Scribd said on its support page on Wednesday.
"Because of the way Scribd securely stores passwords, we believe that the passwords of less than one percent of our users were potentially compromised by this attack."
Scribd's user base is thought to be around 100 million: according to Scribd co-founder Jared Friedman, the company has told less than one million users by email to change their passwords. After discovering the intrusion, Scribd also reset affected users' passwords.
The breach was first reported in a submission to Y Combinator's Hacker News, where a user, kpumuk, who Friedman confirmed is Scribd software engineer Dmytro Shteflyuk, fielded questions about the hashing algorithm Scribd used to store passwords and how it determined the proportion of users whose passwords were compromised.
According to Shteflyuk, the passwords Scribd considers "compromised" are ones that were stored using an "outdated algorithm", SHA-1. The hashes had also been salted.
"To clarify: no accounts were accessed by the hackers, but a small amount of account records have had passwords encrypted with an outdated algorithm (basically SHA1 + salt), so we preemptively reset their passwords and sent out emails to all affected users.
"This is how we define 'compromised': people who had their passwords hashed with the old algorithm, which is relatively easy to crack," he said.
As Errata Security founder and CEO Bob Graham noted, salting hashes slows down attempts to crack passwords en masse with the aid of tools such as rainbow tables, but does little to hinder attempts to crack a single password. Once a user database has leaked and cracking efforts move offline, the more important question is which algorithm was used to hash the passwords: slow algorithms such as scrypt, bcrypt or PBKDF are better suited to protecting passwords than fast hashes such as MD4, MD5, SHA1, SHA2 or SHA3, according to Graham.
The good news for Scribd users is that the company did use scrypt. The 99 percent of user passwords Scribd does not believe were compromised were stored using scrypt, wrote Shteflyuk.
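As an added illustration of the situation the article describes, a user table holding both salted SHA-1 records and scrypt records, here is example code that is not Scribd's: it verifies either record type and, when a legacy record verifies on login, replaces it with an scrypt record. The record formats, field separators and scrypt cost parameters are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Sequence, Tuple

# scrypt cost parameters assumed for this example (not Scribd's settings).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_legacy(password: str, salt: bytes) -> str:
    """Legacy record, constructed format: 'sha1$<salt hex>$<digest hex>'."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"


def hash_scrypt(password: str, salt: Optional[bytes] = None) -> str:
    """Current record, constructed format: 'scrypt$n$r$p$<salt hex>$<key hex>'."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a password against either record type with a constant-time compare."""
    scheme, *fields = record.split("$")
    if scheme == "sha1":
        salt_hex, _digest = fields
        return hmac.compare_digest(hash_legacy(password, bytes.fromhex(salt_hex)), record)
    if scheme == "scrypt":
        n, r, p, salt_hex, key_hex = fields
        candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                                   n=int(n), r=int(r), p=int(p))
        return hmac.compare_digest(candidate.hex(), key_hex)
    raise ValueError(f"unknown hash scheme {scheme!r}")


def login_and_upgrade(password: str, record: str) -> Tuple[bool, str]:
    """Verify a login; on success, rehash a legacy record so the old hash can be discarded."""
    if not verify(password, record):
        return False, record
    if record.startswith("sha1$"):
        return True, hash_scrypt(password)
    return True, record


def legacy_fraction(records: Sequence[str]) -> float:
    """Share of records still stored with the outdated scheme (the figure Scribd reported)."""
    if not records:
        return 0.0
    return sum(1 for r in records if r.startswith("sha1$")) / len(records)
```

Users who never log in again keep their legacy record, which is why a forced reset, as Scribd did, is the only way to retire those hashes promptly.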
Norwegian security advisor Per Thorsheim was impressed that Scribd disclosed which hashing algorithms it was using.
"Big round of applause to Scribd just for admitting to using scrypt. Compared to others, very good," he told ZDNet.com by email.
But, he adds, Scribd made a mistake by assuming that only the salted SHA-1 hashes were compromised.
"Passwords protected by scrypt can also be cracked, but it will take lots more time. Of course, that's depending on whether Scribd have implemented scrypt properly or not."
The second issue is Scribd's password policy, which ZDNet confirmed only requires that passwords have six characters.
Thorsheim noted that, after analysing the hashes cracked following LinkedIn's password hash leak last June, it was clear that many people choose passwords that are easy to remember, such as the name of the service followed by a user name and a number.
"Scrypt cannot protect you from really bad passwords — the absolutely most common ones out there," he said.
In his view, the 100 most common passwords can be tested very quickly, while trying 10,000 would take more time than most people would be willing to spend.