LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

The Dell breach announcement (2018) specifically mentions "email addresses and hashed passwords" — why is this distinction worth emphasizing?

"Hashed" tells customers their plaintext passwords weren't exposed — but it's not a free pass, because hashes can still be cracked.

What attackers got:

  • Email addresses (full plaintext)
  • Hashed passwords (one-way encoded)

What this means for users:

  • Strong, unique passwords → likely safe (cracking infeasible)
  • Weak/common passwords → will be cracked within hours via dictionary + rainbow tables
  • Reused passwords → attackers will try them on every other site

Why companies highlight "hashed":

Legal and PR reasons. Plaintext password leaks trigger:

  • Mandatory disclosure under GDPR, US state laws
  • Massive reputation damage (think Adobe 2013, RockYou 2009)
  • Class-action lawsuits

Hashed leaks are still bad but signal the company did the right thing. The remediation is also simpler: forcing a password reset.

The catch:

"Hashed" alone isn't enough. Companies must also:

  • Salt each password (so identical passwords produce different hashes)
  • Use a slow hash (bcrypt/Argon2, not raw SHA)
  • Use modern algorithms (not MD5)

If the leak was MD5-without-salt, "hashed" basically equals "plaintext within a week."

Tip: Always check haveibeenpwned.com after any major breach to see if your account was affected.

Go deeper:

From Quiz: INTROL / Password Cracking | Updated: Jul 05, 2026