At some time in the last couple of months an Irish website got hacked and its member database was stolen. The database contained email addresses and the associated passwords to login to the website.
The list of email addresses and these passwords was published on a website which has since been taken offline (though you could find it in Google’s cache as recently as 48 hours ago).
While some of the email address and password combinations could give you access to a lot of things, this would only happen where the person used the same password for everything.
The list was NOT a list of email account passwords, i.e. if you could actually use the password to access the person’s email account it was purely coincidental.
How do I know this?
My email address is on the list, as I was informed by someone a couple of days ago.
Though even the person who informed me was doubtful that I’d have opted for such a stupidly weak password for something as important as my email. They’d be right. I hadn’t! I had used a weak password on several websites – in some cases semi-intentionally.
Unfortunately some people seem to like scaring people and also have zero respect for privacy and zero understanding of security or anything else, so you’ll find the list of email addresses published on at least one Irish website. (I’m not going to link to them, since they don’t deserve a link if they’re going to be that careless with other people’s data, but I do hope that someone flags their idiocy with the data privacy people)
On the plus side, hopefully some people will realise that having a password policy wouldn’t be such a bad idea after all ….
talideon.com says
Never mind that, this just goes to show how idiotic the people who build these sites are. There’s never a good reason to store a password as plain text or in some form that’s easily breakable.
Never mind any ‘password policy’ crap – anyone storing plain text passwords, or who tells their developers to do so out of some misguided desire not to inconvenience users who forget them, is an irresponsible fool.
Ronan says
Hi Michele
I heard the RTE Morning Ireland podcast, and well of course there was some dumbing down, but I think it will all be worth it if at least some people get the message that you should not use your email password for every site you register with.
cgarvey says
Have you had any communication from the original website that was hacked? Do they even know they’ve been hacked (was it obvious)?
While a list of the emails (maybe just the first few chars and the domain…but certainly not the password) might be useful to check if one was in that list, publishing those details in full is a bit morally skewed.
Why not mention the original website?
Michele Neylon says
@Cgarvey
One of the other people on the list knows the website owner and was going to be in touch with him to see if he knew about the issue or not.
Which original website? The one where the list was pulled from, where it was published or the Irish one which had the list of the emails on it? 🙂
Michele
cgarvey says
The original website whose details were leaked. I care not for the tactics of the site that published the details in full (though I can see the merit in being able to check if one was on it; just not to see the full data set).
So, did the original site tell those affected or not, is the important question. If they didn’t, do they even know they were hacked, I wonder?
Michele Neylon says
We think we know which site it was and another person whose email address was on the list is contacting the site owner. I’d rather not throw out website names without being 100% sure, but if you look at the list it’s fairly obvious that:
– it’s a website member list
– the site was primarily Irish
Anon-E-Mouse says
Are you talking about computerbits.ie?
Unfortunately I was on that list. Fortunately I seem to have used a different derivative of “semi-serious” password. Still though, an email address and a password – doesn’t take a huge leap to start plugging my details into Paypal – you’d have a fair chance of success if you had a bit of free time too.
I agree with the first commenter – why the passwords were plaintext is beyond me.
Incidentally I never bought anything from them, but this whole thing could have caused me a few [more] headaches.
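Two of the commenters above (talideon.com and Anon-E-Mouse) make the same point: the dump could only contain usable passwords because the site stored them in plaintext. As an added illustration, not code from the post or from any site mentioned in it, the block below contrasts a plaintext member table with the same table stored as salted, iterated PBKDF2-HMAC-SHA256 records, and shows what a thief gets from each. The member list is constructed, fictitious data, and the iteration count is an assumed illustrative value.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Illustrative parameters, assumed for this example (not taken from any real site).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # a fresh random salt for every member
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest from the stored salt and cost, compare in constant time."""
    try:
        algo, iterations_str, salt_hex, digest_hex = stored.split("$")
        iterations = int(iterations_str)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: never accept
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


# Constructed, fictitious member table standing in for the kind of dump discussed above.
# Two members share a weak password, which is exactly the reuse problem the post describes.
PLAINTEXT_MEMBERS: Dict[str, str] = {
    "alice@example.ie": "password1",
    "bob@example.ie": "password1",
    "carol@example.ie": "Tr0ub4dor&3",
}


def build_hashed_store(members: Dict[str, str]) -> Dict[str, str]:
    """The table as it should have been kept: one salted PBKDF2 record per member."""
    return {email: hash_password(pw) for email, pw in members.items()}


def dump_exposes_passwords(store: Dict[str, str], members: Dict[str, str]) -> bool:
    """True if any member's real password appears verbatim in what a thief would copy."""
    return any(pw in store[email] for email, pw in members.items())


def shared_password_is_visible(store: Dict[str, str]) -> bool:
    """True if two members with the same password get identical records (no salt)."""
    return store["alice@example.ie"] == store["bob@example.ie"]


if __name__ == "__main__":
    hashed = build_hashed_store(PLAINTEXT_MEMBERS)
    print("plaintext dump leaks passwords:", dump_exposes_passwords(PLAINTEXT_MEMBERS, PLAINTEXT_MEMBERS))
    print("hashed dump leaks passwords:   ", dump_exposes_passwords(hashed, PLAINTEXT_MEMBERS))
    print("plaintext shows shared password:", shared_password_is_visible(PLAINTEXT_MEMBERS))
    print("hashed shows shared password:   ", shared_password_is_visible(hashed))
    print("login still works:", verify_password("password1", hashed["alice@example.ie"]))
```

The stored record carries its own salt and cost, so the site can verify logins without ever holding the password, raise the iteration count later without invalidating old records, and a stolen copy of the table no longer hands an attacker a ready-made list to try against PayPal or anyone's mail account. The constant-time comparison in verify_password avoids leaking how many bytes of a guess matched. (A memory-hard function such as scrypt or Argon2 would be the stronger choice today; PBKDF2 is used here because it ships in the standard library.)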