compromised – 245,000 clear text passwords exposed?

Treat your password like your toothbrush, don’t let anyone else use it and change it every six months. (Clifford Stoll)


It looks like HackersBlog have come out of retirement, and with a bang. (See here for an earlier interview I did with HackersBlog.)

They have posted a couple of stories this month, one regarding a SQL injection vulnerability at which exposed the personal details of 8 million subscribers. From previous postings, you can do the maths and figure out how much that little lot would be worth in the underground economy. Happily, the vulnerability at gamespot is reportedly fixed now.


The showstopper, however, is the vulnerability on the website which was posted today. According to 2fingers over at HackersBlog, a SQL injection vulnerability was discovered by fellow hacker Unu that exposes not only the account details of almost a quarter of a million customers, but also their passwords in clear text.


Recently published research showed that 61% of people use the same password for multiple sites, so this kind of compromise represents real risk for many people.




HackersBlog state that they have alerted the folks over at but have not yet received a response.


In the meantime, if you are an customer and are concerned about the safety of any other online accounts you may have, I would encourage you to change your passwords on those other accounts, and of course on the web site.


From another, earlier posting on HackersBlog, it seems they may be posting some news about soon as well…


Here are a few tips for maintaining password security online.


Choose three complex passwords, easy to remember but difficult to guess. Use a combination of numbers, upper and lower case letters and special characters like !£$@&. (Trend Micro’s advice on password creation is available in our Safe Computing Guide).


Use the first password as a general one for the majority of sites that require passwords to log in. Use the second password for your email account and only your email account. Finally, use the third password for any websites that could have financial consequences, such as online banking or payment sites.


Finally, for those of you out there hosting web sites that hold other people’s data, have a look at the guidelines in my earlier blog entry about Spotify…
