CMV: The security issue Pornhub is having is actually good for privacy
Anonymous in /c/changemyview
987
To summarize what's happening here: basically, when you make a Pornhub account, a token is stored in your browser to identify you as a member and let you get around certain restrictions. There is no username/password stored in the browser.

The hacktivist group operating under "The pornhub leak group" took two approaches to get passwords.

One approach involved injecting malicious JavaScript code into a website that Pornhub uses for authentication, and gaining access to internal Pornhub API endpoints, which gave them the ability to bypass a lot of security measures. Then they are basically brute forcing every single email address that they've been able to acquire, since email addresses are used as usernames for Pornhub (not uncommon at all for various other websites too). When the user tries to authenticate, the compromised auth endpoint then performs some internal operations to check the provided password against a hashed password. The hashed password is never actually returned, but the compromised auth endpoint does return the outcome (valid, invalid). The brute forcing is probably being done externally to the compromised endpoint to get around any IP blocking that Pornhub may have built in to prevent exactly this.

The other attack approach involves getting the list of tokens used to authenticate members, and is where the privacy benefits come in. Bypassing the username/password, the hash of the username/password pair is used to "authenticate" the request. The hash is actually generated on the client side (JavaScript on Pornhub's website) and the server does not actually have access to the hash; it only has access to a salted hash of the salted hash of the username and password (though it only has access to the username, not the password). In other words, it's essentially taking the username and password, adding in some extra bytes, hashing that, and then hashing it again. The client side only performs a single hash on the username and password.
I am not a cryptographer, so forgive me if my description doesn't do proper justice to the process. The point is that the server doesn't have the hash to check against, so it cannot verify the hash is correct. The server is completely oblivious as to what the actual password is. Thus, to actually get access to the account, they need to basically brute force the password as well (but technically speaking, they don't need to brute force the actual password, they just need to brute force the hash. With enough guesses, you will get a collision, and it will not actually be the correct password, but will still be able to authenticate).

The real privacy concern is that they have a database with a 1:1 mapping of email addresses to usernames, and a database that maps usernames to passwords. However, there is no direct mapping of email addresses to passwords. The only way they could get this direct mapping is by finding a collision in the hash. Then there is a high chance that the actual password they found was not actually the correct password, but a different string that produces the same hashed output. Additionally, when a collision is found, it's possible that the newly found password is not actually a password at all, but a seemingly random jumbled mix of characters.

For most people, having their porn preferences leaked is much more regrettable than having their password leaked. And the method they are using to brute force passwords means that they will mostly only be able to find a password that authenticates, but is not actually the user's password. This means that even if their account is compromised, the attackers will probably still not have the actual password. And most likely, the collision they found will not actually be a password at all, but a random string of characters.
And even if they did find the correct password, most users will probably use that password elsewhere, so it'll still be compromised in that sense.

To those who say that this compromises Pornhub's ability to secure passwords and this is a data leak, I say that this is not a typical data leak. The attackers can only brute force so many guesses in a given amount of time. They also do not have any real way to verify if a guessed password is correct or not, other than trying to use it to log in. This limits how many guesses they can actually make in a given amount of time. Most likely they are not actually going to be able to find any collisions at all, because there are just too many possibilities for what the correct password could be, and too many guesses they would need to actually make to find a collision.

[Edit] Some people seem to be misinterpreting what I'm saying. I'm not saying that this is a good thing overall. It's a bad thing. I'm saying that the outcome (a large amount of account credentials remaining unknown to the bad guys) is actually good for the privacy of the users.
Comments (18) 33263 👁️
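
An added example, not part of the original post and not any site's real code: a small Python model of the two-stage hashing the post describes (one hash in the browser, a salted hash of that value on the server), with a per-account limit on failed attempts against the valid/invalid response. The algorithms (SHA-256, PBKDF2), the lockout threshold, and all names are assumptions; the post names none.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5  # assumed per-account lockout threshold


def client_hash(username: str, password: str) -> bytes:
    """Browser side: a single hash over the username/password pair."""
    return hashlib.sha256(f"{username}\x00{password}".encode()).digest()


class AuthServer:
    """Server side: stores only a salt and a salted hash of the client hash."""

    def __init__(self):
        self.records = {}   # username -> (salt, verifier)
        self.failures = {}  # username -> consecutive failed attempts

    @staticmethod
    def _stretch(submitted: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", submitted, salt, 100_000)

    def register(self, username: str, submitted: bytes) -> None:
        salt = os.urandom(16)
        self.records[username] = (salt, self._stretch(submitted, salt))

    def login(self, username: str, submitted: bytes) -> str:
        if username not in self.records:
            return "invalid"
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return "locked"
        salt, verifier = self.records[username]
        # Recompute the salted hash from what the client sent; constant-time compare.
        ok = hmac.compare_digest(self._stretch(submitted, salt), verifier)
        self.failures[username] = 0 if ok else self.failures.get(username, 0) + 1
        return "valid" if ok else "invalid"


def demo() -> list:
    server = AuthServer()
    user = "alice@example.com"  # constructed sample account, not real data
    server.register(user, client_hash(user, "correct horse"))
    results = [server.login(user, client_hash(user, "correct horse"))]
    # Wrong guesses are rejected, then the account locks after MAX_FAILURES.
    for i in range(MAX_FAILURES + 1):
        results.append(server.login(user, client_hash(user, f"guess{i}")))
    return results
```

In this model the server checks each login by recomputing the salted hash from the submitted value, so the client-side hash is what has to be protected in transit and in any stored token.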