Got an account on a site like Github? Hackers may know your e-mail address

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
If you have an account on Github, StackExchange, or any one of countless other sites, there's a good chance hackers can identify the e-mail address you used to register it. That's because Gravatar, a behind-the-scenes service that says it works with millions of sites, broadcasts the information using cryptography that in many cases is trivial to crack.

People have been warning about the privacy risk posed by Gravatar, short for Globally recognized avatar, since at least 2009. That's when a blogger showed he was able to crack the cryptographic hashes that the service uses to uniquely identify its users. Gravatar, it turned out, derived the hashes with the user's e-mail address, and the blogger was able to translate about 10 percent of the more than 80,000 user IDs he harvested. Now, a researcher has upped the ante by using a more advanced cracking technique to de-anonymize participants advocating racial hatred and other extreme topics in online forums hosted in France.
Got an account on a site like Github? Hackers may know your e-mail address | Ars Technica
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top