GOMTV.net compromised - Page 40
Forum Index > SC2 General |
Goragoth
New Zealand1065 Posts
| ||
Hyaena
Croatia17 Posts
I'm using keepass for almost two months (as R1CH suggested in some older thread, thanks btw) and have random password for each site. The thing is, email used in logging on gomtv is used for few more sites. Should i take any extra security steps (I changed gomtv password) and is spamming my email the worst thing that can happen (doubt someone would brute-force email)? Thanks! | ||
Titorelli
2492 Posts
| ||
Flwz
Ireland19 Posts
I have asked the following questions : For complete transparency, and as a user, I would like you to answer the following questions for me : - Are passwords actually stored in plain text? - How many user accounts have been compromised (how many user accounts in the DB) - What are the steps you are taking for this not to happen again. To my pleasant surprise, they did reply within one hour with the following : "Dear Jeremy. 1. No they were not plain text. But there was a part of section where it was plain text. We are investigating how that had happened. 2. We are under investigation. 3. As soon as we found out about the hacking we have brought a team to re-build for better security of our system. For it not to occur again as a support team we do not have solid answer for you yet. But from what we heard we will be bringing teams to test our server(security) regularly. Thank you for your time to take interest in our situation. And we apologize for the incident. GOMTV.net" I am not sure I understand answer 1, "They are not plain text but yeah they are" is a bit concerning, question 2 they completely avoided and answer to 3 means support does not have much more information than we do. All in all,as has been said before, you should : - Change GomTV password as soon as possible - Change your password on any website / service where you used the same password (facebook, twitter, gmail, TL, forums, anything) - Credit card and bank details are SAFE as they do not process the payments themselves (they go through Paypal). Unfortunately these issues with user data security are not limited to GomTV (hello Sony), and as such it is very important not to reuse passwords over several sites. | ||
R3N
740 Posts
I ***REALLY*** hope I wasn't hit | ||
Znakie
Denmark2 Posts
| ||
Teton
France1656 Posts
Epic fail GomTV. | ||
SinCitta
Germany2127 Posts
On August 14 2011 21:33 R3N wrote: I use the same password (with or without numbers) for EVERYTHING (mail, forums, games etc.) since 9-10 years back. I ain't going to change it. I ***REALLY*** hope I wasn't hit You really, really should (MUST). At least for everything involving your bank account (obviously), social network accounts (social contacts can be exploited) and your mail account (for password recovery). Bots can be used to automatically exploit your logins in which case something bad is bound to happen. | ||
Sephy90
United States1785 Posts
| ||
meegrean
Thailand7699 Posts
| ||
JinDesu
United States3990 Posts
On August 14 2011 21:16 Flwz wrote: This is quite bad, I work in IT security and I have sent an emai lto GomTv discussing this issue. I have asked the following questions : For complete transparency, and as a user, I would like you to answer the following questions for me : - Are passwords actually stored in plain text? - How many user accounts have been compromised (how many user accounts in the DB) - What are the steps you are taking for this not to happen again. To my pleasant surprise, they did reply within one hour with the following : "Dear Jeremy. 1. No they were not plain text. But there was a part of section where it was plain text. We are investigating how that had happened. 2. We are under investigation. 3. As soon as we found out about the hacking we have brought a team to re-build for better security of our system. For it not to occur again as a support team we do not have solid answer for you yet. But from what we heard we will be bringing teams to test our server(security) regularly. Thank you for your time to take interest in our situation. And we apologize for the incident. GOMTV.net" I am not sure I understand answer 1, "They are not plain text but yeah they are" is a bit concerning, question 2 they completely avoided and answer to 3 means support does not have much more information than we do. All in all,as has been said before, you should : - Change GomTV password as soon as possible - Change your password on any website / service where you used the same password (facebook, twitter, gmail, TL, forums, anything) - Credit card and bank details are SAFE as they do not process the payments themselves (they go through Paypal). Unfortunately these issues with user data security are not limited to GomTV (hello Sony), and as such it is very important not to reuse passwords over several sites. It could be multiple files compromised, and the plain text file being preeetty important. However, I gotta admit, Gom's pretty good if they were to answer a these questions with pretty good transparency in such short time to you. | ||
Shootist
Singapore405 Posts
| ||
Deleted User 101379
4849 Posts
On August 15 2011 00:17 Shootist wrote: Man what is with all this plain text password catastrophes. I work in the IT line myself and it's really not much effort to implement at least a half-decent encryption. As i always say: 99% of the programmers have no clue about anything and shouldn't work in that section... sadly they do -.- | ||
Jank
United States308 Posts
On August 15 2011 00:17 Shootist wrote: Man what is with all this plain text password catastrophes. I work in the IT line myself and it's really not much effort to implement at least a half-decent encryption. I dunno, that one function call is a bit of a doozie. | ||
Teton
France1656 Posts
On August 15 2011 00:17 Shootist wrote: Man what is with all this plain text password catastrophes. I work in the IT line myself and it's really not much effort to implement at least a half-decent encryption. Encryption is already implemented on mysql database or on google | ||
Trigger1101
Sweden80 Posts
| ||
asdfTT123
United States989 Posts
| ||
XiGua
Sweden3085 Posts
I don't want to change every the password on ALL my accounts and sites. I mean, I have like 50 of them! Disappointed by GOMTV really... Seriously. | ||
hiturheartx
61 Posts
| ||
mprs
Canada2933 Posts
On August 14 2011 21:33 R3N wrote: I use the same password (with or without numbers) for EVERYTHING (mail, forums, games etc.) since 9-10 years back. I ain't going to change it. I ***REALLY*** hope I wasn't hit You were. On August 15 2011 00:46 Trigger1101 wrote: Is it safe to buy now ? It was always safe to buy. Bank information is not stored on the site. It is all done via Paypal. If paypal gets hacked on the other hand... | ||
| ||