back to article Friendster password emails spark site hack fears

Multiple users have reported receiving spam emails containing their Friendster password in plain text. The appearance of the suspicious emails to registered Friendster addresses (widely reported by numerous Twitter users on Thursday) has spawned fears that Friendster database might have been hacked. An alternative theory is that …

COMMENTS

This topic is closed for new posts.
Facepalm

Bugger confirmation

If it's your friendster password and it's in plaintext it suggests 1 of two things;

- Friendster store passwords in plaintext

OR

- Friendster uses a non-salted hash

More likely the former IME. They've some explaining to do regarding that before they even start on how they were compromised!

Don't use them thankfully, but there needs to be a culture of change regarding storing of passwords. When even the venerable vulture stores in plaintext there's something badly wrong

2
0
FAIL

Friendster used to be the best but now...

I visited back and the new redesign looks like crap.

0
0
Anonymous Coward

I don't usually compromise my security

but when I do, I use Friendster

1
0
FAIL

Plaintext passwords

Apparently if you use their password reminder service, it just emails y our the password...so, yeah, plaintext. Nice!

I got the spam and was wracking my brains as to what it was for. Picked it up on my email which matches email addresses then pulls the name from your address book, so I didn't realise at first that they had used my password as my name other than in the text ("Dear Customer PASSWORD"...)

Luckily it's clearly spam (From CFX Group in my case), but it's worrying where else the passwords have got to...

0
1
Bronze badge
WTF?

Partner leak?

From the article: "An alternative theory is that a partner of the once massive social networking site might have leaked the data."

Why on earth would they have given the _passwords_ to a partner? That's a bit WTF. I can understand sharing names and email addresses with partners, but passwords? That's just stupid.

0
0
Silver badge

This is a title, it contains letters and/or digits.

"Even so the site abandoned social networking altogether last month, repositioning as a social gaming site."

So, exactly like farcebook?

0
0
FAIL

Must contain letters and/or digits

I got one of those emails. I'd forgotten I even HAD a Friendster account.

Needless to say, I don't any more. Canceled the account within five minutes of getting the email. And fortunately, I don't use the same password in other places.

0
0
This topic is closed for new posts.

Forums