Friendster password emails spark site hack fears

Bugger confirmation

If it's your friendster password and it's in plaintext it suggests 1 of two things;

- Friendster store passwords in plaintext

OR

- Friendster uses a non-salted hash

More likely the former IME. They've some explaining to do regarding that before they even start on how they were compromised!

Don't use them thankfully, but there needs to be a culture of change regarding storing of passwords. When even the venerable vulture stores in plaintext there's something badly wrong

Plaintext passwords

Apparently if you use their password reminder service, it just emails y our the password...so, yeah, plaintext. Nice!

I got the spam and was wracking my brains as to what it was for. Picked it up on my email which matches email addresses then pulls the name from your address book, so I didn't realise at first that they had used my password as my name other than in the text ("Dear Customer PASSWORD"...)

Luckily it's clearly spam (From CFX Group in my case), but it's worrying where else the passwords have got to...

Partner leak?

From the article: "An alternative theory is that a partner of the once massive social networking site might have leaked the data."

Why on earth would they have given the _passwords_ to a partner? That's a bit WTF. I can understand sharing names and email addresses with partners, but passwords? That's just stupid.

Must contain letters and/or digits

I got one of those emails. I'd forgotten I even HAD a Friendster account.

Needless to say, I don't any more. Canceled the account within five minutes of getting the email. And fortunately, I don't use the same password in other places.