August 02, 2012
According the hackers:
wnd target : www.pearl.fr
Category : french e-commerce website, not that big, not that small
Type : SQLi (PHP/MySQL) + various XSS
Total loss : 729115+ customers accounts compromised with e-mails/passwd
1115050+ bank transactions exposed
Though many passwords were not released as a part of the breach to do any real statistical analysis, we can say this much:
- There are lots basic passwords such as 1234abcd, nathalie, etc... Though 'baguette' did not make it onto the list.
- The password are in cleartext.
- We do have to call out the most complex, hard core breached consumer password: