Twitter Thread: Epik's utter lack of security & terrible decisions boggle my mind
Background: This is an archived Twitter thread. For more information, read: Elon banned me from Twitter for doing journalism. Good riddance.
Original URL of Twitter thread: https://twitter.com/micahflee/status/1441554221183033346
Epik's utter lack of security & terrible decisions boggle my mind. They logged plaintext passwords for login failures, MD5(password) on success.
I tried cracking all MD5s using a wordlist of the plaintexts...
Now I have 11,000 actual passwords used by Epik customers #EpikFail
Posted 5:04 PM · Sep 24, 2021, 218 Retweets, 1,132 Likes
Importing them all into a database so I can see what the most popular passwords are of these 12k cracked ones...
(note that the updated rows number could be misleading; it could be the same user logging on many times, I'm pretty sure)
Posted 7:42 PM · Sep 26, 2021, 4 Retweets, 49 Likes
The most popular passwords out of the 12k that I cracked
Posted 9:00 PM · Sep 26, 2021, 14 Retweets, 45 Likes
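The recovery path the thread describes, as an added illustration (not the author's code and not run against any real data): failed logins leak plaintext passwords, successful logins leak unsalted MD5 hashes, so the plaintexts become a wordlist that is hashed once and matched against every success record. The log lines, user names and passwords below are constructed, and the popularity count is taken per distinct user so that one user logging in repeatedly does not inflate the tally, which is the caveat raised in the second tweet.

```python
import hashlib
import re
from collections import Counter


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed sample log lines (not from the Epik data). Failures are logged with
# the plaintext password, successes with md5(password), as the thread describes.
FAILED_LOGIN_LOG = [
    "login_fail user=alice pw=Summer2020!",
    "login_fail user=bob pw=password",
    "login_fail user=carol pw=123456",
    "login_fail user=dave pw=letmein",
    "login_fail user=alice pw=Summer2020!",  # same user failing twice
]
SUCCESS_LOGIN_LOG = [
    "login_ok user=alice pw_md5=" + md5_hex("Summer2020!"),
    "login_ok user=bob pw_md5=" + md5_hex("password"),
    "login_ok user=carol pw_md5=" + md5_hex("123456"),
    "login_ok user=erin pw_md5=" + md5_hex("password"),      # erin reuses bob's password
    "login_ok user=frank pw_md5=" + md5_hex("Tr0ub4dor&3"),  # never appeared in plaintext
    "login_ok user=alice pw_md5=" + md5_hex("Summer2020!"),  # repeat login by one user
]

FAIL_RE = re.compile(r"login_fail user=(\S+) pw=(\S+)")
OK_RE = re.compile(r"login_ok user=(\S+) pw_md5=([0-9a-f]{32})")


def wordlist_from_failures(lines):
    """Every plaintext written to the failure log becomes a candidate password."""
    return {m.group(2) for m in map(FAIL_RE.search, lines) if m}


def crack_successes(lines, wordlist):
    """Map user -> password wherever md5(candidate) equals the logged hash.
    With no salt, one MD5 per candidate is enough to check every user at once."""
    lookup = {md5_hex(w): w for w in wordlist}
    recovered = {}
    for m in map(OK_RE.search, lines):
        if m and m.group(2) in lookup:
            recovered[m.group(1)] = lookup[m.group(2)]
    return recovered


def password_popularity(recovered):
    """Count per distinct user, not per log row, so repeat logins do not distort the ranking."""
    return Counter(recovered.values())
```

A proper password store (a salted, slow hash such as bcrypt, scrypt or Argon2, and no password material in logs at all) defeats this: each guess would have to be hashed separately per user, and nothing in the failure log would seed the wordlist.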