Multiple users have reported receiving spam emails containing their Friendster password in plain text. The appearance of the suspicious emails to registered Friendster addresses (widely reported by numerous Twitter users on Thursday) has spawned fears that Friendster database might have been hacked. An alternative theory is that …
If it's your Friendster password and it's in plaintext, it suggests one of two things:
- Friendster store passwords in plaintext
- Friendster uses a non-salted hash
More likely the former IME. They've some explaining to do regarding that before they even start on how they were compromised!
Don't use them thankfully, but there needs to be a culture of change regarding storing of passwords. When even the venerable vulture stores in plaintext there's something badly wrong.
Friendster used to be the best but now...
I visited back and the new redesign looks like crap.
I don't usually compromise my security
but when I do, I use Friendster
Apparently if you use their password reminder service, it just emails you the password... so, yeah, plaintext. Nice!
I got the spam and was wracking my brains as to what it was for. Picked it up on my email which matches email addresses then pulls the name from your address book, so I didn't realise at first that they had used my password as my name other than in the text ("Dear Customer PASSWORD"...)
Luckily it's clearly spam (From CFX Group in my case), but it's worrying where else the passwords have got to...
From the article: "An alternative theory is that a partner of the once massive social networking site might have leaked the data."
Why on earth would they have given the _passwords_ to a partner? That's a bit WTF. I can understand sharing names and email addresses with partners, but passwords? That's just stupid.
This is a title, it contains letters and/or digits.
"Even so the site abandoned social networking altogether last month, repositioning as a social gaming site."
So, exactly like farcebook?
Must contain letters and/or digits
I got one of those emails. I'd forgotten I even HAD a Friendster account.
Needless to say, I don't any more. Canceled the account within five minutes of getting the email. And fortunately, I don't use the same password in other places.
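
The storage problem raised in the comments above (plaintext or unsalted hashes, and a reminder feature that emails the password back) can be contrasted with salted, memory-hard hashing and a reset token. This is an added example, not part of the original thread and not Friendster's code; the function names, scrypt parameters and the in-memory `pending` store are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

SCRYPT = dict(n=2**14, r=8, p=1)  # assumed cost parameters; tune for your hardware

def unsalted_sha1(password: str) -> str:
    """Weak scheme from the thread: equal passwords always give equal digests,
    so one precomputed table recovers them for every account at once."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt plus a memory-hard KDF; store (salt, digest) only."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)

def _token_hash(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def issue_reset_token(pending: dict, email: str, ttl: int = 900) -> str:
    """Replaces the 'reminder' e-mail: the site cannot send a password it
    does not have, so it mails a random, expiring token instead."""
    token = secrets.token_urlsafe(32)
    pending[email] = (_token_hash(token), time.time() + ttl)  # store hash only
    return token

def redeem_reset_token(pending: dict, email: str, token: str, new_password: str):
    """Return a fresh (salt, digest) for a valid token, else None."""
    entry = pending.get(email)
    if entry is None:
        return None
    stored_hash, expires = entry
    if time.time() > expires or not hmac.compare_digest(stored_hash, _token_hash(token)):
        return None
    del pending[email]  # single use
    return hash_password(new_password)
```

With this layout a database leak exposes only salts and scrypt digests, and there is no code path that could put a user's password into an e-mail.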