FlyerTalk Forums - View Single Post - Suspended MP Accounts / Username Access Disabled / 3rd Party Security Breach-Dec 2014
Feb 19, 2015, 10:27 am
  #133  
Bonehead
FlyerTalk Evangelist
 
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866
Originally Posted by Kingston
...They get access to the customer database through an exploit. That database has hashed (not plain text) versions of the passwords and/or PINs. That's how most companies store credentials. A username associated with a hashed credential.
They can try billions of combinations (quite easily and quite quickly) offline until they match the hash. Then they can go online and get access.
They're not sitting on united.com guessing PINs. When they go to united.com they already have your PIN because they did their guessing offline....
Ok, but as it has been pointed out, users don't use their MP# on any other sites. The trouble likely stems from folks having a username/password to access their UA accounts that is the same as the combination that they use on numerous other sites. The MP#/PIN is therefore potentially much safer from hacks on other sites that would yield troves of usernames and passwords.
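An added example, not part of the thread or of any airline's code: it contrasts two ways of storing the hashed PINs the quoted post describes and shows what each gives away once the table is copied offline. The 4-digit PIN length, the PBKDF2 iteration count and the sample account numbers are assumptions made for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample data: account numbers and PINs are made up for this example.
ACCOUNTS = {"AB100001": "4821", "AB100002": "1234", "AB100003": "1234"}
PIN_KEYSPACE = 10 ** 4      # assumption: 4-digit PIN (the thread gives no length)
KDF_ITERATIONS = 200_000    # assumption: illustrative PBKDF2 work factor

def unsalted_record(pin):
    """Weak storage: a single unsalted SHA-256 of the PIN."""
    return hashlib.sha256(pin.encode()).hexdigest()

def salted_record(pin, salt=None, iterations=KDF_ITERATIONS):
    """Hardened storage: per-account random salt plus an iterated KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${digest.hex()}"

def accounts_sharing_a_record(table):
    """Return groups of account ids whose stored record is byte-identical."""
    groups = defaultdict(list)
    for account, record in table.items():
        groups[record].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def worst_case_hash_operations(keyspace, accounts, salted, iterations=1):
    """Upper bound on hash computations needed to test every candidate
    against a stolen table. Unsalted: each candidate is hashed once and
    compared with all rows. Salted: the work repeats for every row."""
    per_pass = keyspace * iterations
    return per_pass * accounts if salted else per_pass

if __name__ == "__main__":
    weak = {a: unsalted_record(p) for a, p in ACCOUNTS.items()}
    strong = {a: salted_record(p) for a, p in ACCOUNTS.items()}
    print("identical records, unsalted:", accounts_sharing_a_record(weak))
    print("identical records, salted:  ", accounts_sharing_a_record(strong))
    n = len(ACCOUNTS)
    print("ops, unsalted SHA-256:", worst_case_hash_operations(PIN_KEYSPACE, n, False))
    print("ops, salted PBKDF2:   ",
          worst_case_hash_operations(PIN_KEYSPACE, n, True, KDF_ITERATIONS))
```

Salting and a slow hash multiply the offline cost and hide which accounts share a PIN, but a short numeric PIN remains a small keyspace either way.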