every other site I use same password >_>
GOMTV.net compromised - Page 42
Forum Index > SC2 General |
Welmu
Finland3295 Posts
every other site I use same password >_> | ||
Nos-
Canada12016 Posts
| ||
Alethios
New Zealand2765 Posts
Terminated my gomtv account too in the end. | ||
kinetic_skink
Australia125 Posts
On August 14 2011 21:16 Flwz wrote: This is quite bad, I work in IT security and I have sent an emai lto GomTv discussing this issue. I have asked the following questions : For complete transparency, and as a user, I would like you to answer the following questions for me : - Are passwords actually stored in plain text? - How many user accounts have been compromised (how many user accounts in the DB) - What are the steps you are taking for this not to happen again. To my pleasant surprise, they did reply within one hour with the following : "Dear Jeremy. 1. No they were not plain text. But there was a part of section where it was plain text. We are investigating how that had happened. 2. We are under investigation. 3. As soon as we found out about the hacking we have brought a team to re-build for better security of our system. For it not to occur again as a support team we do not have solid answer for you yet. But from what we heard we will be bringing teams to test our server(security) regularly. Thank you for your time to take interest in our situation. And we apologize for the incident. GOMTV.net" I am not sure I understand answer 1, "They are not plain text but yeah they are" is a bit concerning, question 2 they completely avoided and answer to 3 means support does not have much more information than we do. All in all,as has been said before, you should : - Change GomTV password as soon as possible - Change your password on any website / service where you used the same password (facebook, twitter, gmail, TL, forums, anything) - Credit card and bank details are SAFE as they do not process the payments themselves (they go through Paypal). Unfortunately these issues with user data security are not limited to GomTV (hello Sony), and as such it is very important not to reuse passwords over several sites. I would read 1 as the passwords were encrypted in storage, but they may have logged log in to a flat file or something similar | ||
BuzZoo
Australia1468 Posts
I've disabled it cos I don't trust it and when I go to uninstall it, it asks if I want to let some weird filename have access to my computer. | ||
kyophan
United States113 Posts
| ||
M1cha84
Germany64 Posts
On August 15 2011 18:52 BuzZoo wrote: Anyone else suddenly have the GOM toolbar without installing it today? I came back from work and it was suddenly there when I opened firefox. No one else uses my computer as I just live with my girlfriend and she got back from work later than me. I've disabled it cos I don't trust it and when I go to uninstall it, it asks if I want to let some weird filename have access to my computer. Maybe you should scan your PC for virusses! That is not normal oO | ||
BuzZoo
Australia1468 Posts
On August 15 2011 19:00 M1cha84 wrote: Maybe you should scan your PC for virusses! That is not normal oO Yeah I might just do that. Thanks! | ||
Velr
Switzerland10416 Posts
Fun times. | ||
Kryt0s
Germany209 Posts
| ||
Tofugrinder
Austria899 Posts
when I saw that thread I immediatetly changed the password on gomtv and was kinda curious why gom didnt have any information on their site. now i logged in and the system wanted me - the already changed password - again -.- good that the system is crappy anyway because i could change it and change it back.. gom, that's NOT how you do it. | ||
TheKnight
Romania77 Posts
| ||
AmericanUmlaut
Germany2558 Posts
On August 15 2011 16:45 kinetic_skink wrote: I would read 1 as the passwords were encrypted in storage, but they may have logged log in to a flat file or something similar I'm a web application developer, and that sounds pretty plausible. Passwords are generally posted in plain text when you log in to a site, then they're used to generate a hash that is compared to the hash stored in the database - if the hashes are identical, then the password is (considered to be) correct. I could imagine a situation where someone writes a sloppy transaction log that stores posted values and that log is accessed by an intruder. It at least sounds more plausible than a site as big as Gom storing passwords in plain text. | ||
Ghad
Norway2551 Posts
| ||
darkgray
Sweden11 Posts
On August 15 2011 22:25 Ghad wrote: Hmm, now i cant login with twitter anymore. First time i try since last wednesday. I can't log in through Facebook anymore. I e-mailed their support, and they're supposedly looking into it. | ||
vitruvia
Canada235 Posts
| ||
Gutrot
122 Posts
| ||
WniO
United States2706 Posts
| ||
sluggaslamoo
Australia4494 Posts
Hackers already have your password on file (a long with a million others) and will probably be shooting it around forums and such, so its not like changing it on GOM will help that much. Fucking GOM, companies that aren't proactive about their security never will be, even if they patch all their current problems, because they don't know crap about security their coders will just create more holes for breaches as they keep making their crap media player. So I will never trust them in the future. On August 15 2011 19:21 Velr wrote: 21 failed login attemps on my e-mail account. But last login still 10 days ago so i seem to be fine. Fun times. Did you really think they want your account details so they can log into GOM? | ||
ZergCacique
United States28 Posts
| ||
| ||