Has friendster been hacked?
I noticed an unusual email when I checked my Gmail account today.
Sure it was spam, but this one was tagged with a “Password” tag, a tag that I used to filter any emails that contain an old password.
Lo and behold, there was my password displayed right in the email. So, of course, the first thing to do was to check the email headers to see how the email was routed.
I could not believe it!
To: “password1” <[email protected]>
Note: my password is not password1, I replaced it with that.
They had inserted my password instead of my name in the “To” part of the email headers.
The email address they sent to was an alias which I had used specifically for friendster so I knew. However, according to the email headers it definitely did not come from the friendster servers.
How did the spammers manage to get my password and email address?
I’ve certainly not used the account since about 2005, so it can’t be me.
Does friendster store their passwords in plain text?
I figured the easiest way to check is to issue a “forgot password” request and see what happens.
- It’s official: Friendster is a plain text offender.
I received a “Your Friendster account information” email which contained my password in plain text right in the email.
Yes, this means that it is absolutely possible that if somebody did hack into friendster they could recover my password (and everyone else’s) from their database.
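For contrast with the behaviour found above, here is an added example (not code from this post or from Friendster) of a credential store that cannot email a password back because it only keeps a salted PBKDF2 hash, so "forgot password" issues a single-use, expiring reset token instead. The in-memory tables, function names and the sample address are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

USERS = {}         # email -> {"salt": bytes, "hash": bytes}; stands in for the user table
RESET_TOKENS = {}  # sha256(token) -> (email, expiry); the raw token is never stored

def _kdf(password, salt):
    # Slow, salted derivation: a dumped table yields no passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(email, password):
    salt = secrets.token_bytes(16)
    USERS[email] = {"salt": salt, "hash": _kdf(password, salt)}

def verify(email, password):
    rec = USERS.get(email)
    if rec is None:
        return False
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(rec["hash"], _kdf(password, rec["salt"]))

def forgot_password(email, ttl=900):
    """Return a one-time token to mail out; the old password cannot be
    mailed because it is not stored anywhere."""
    if email not in USERS:
        return None  # the caller should show the same response either way
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).digest()
    RESET_TOKENS[key] = (email, time.time() + ttl)
    return token

def reset_password(token, new_password):
    key = hashlib.sha256(token.encode()).digest()
    entry = RESET_TOKENS.pop(key, None)  # pop makes the token single-use
    if entry is None or entry[1] < time.time():
        return False
    register(entry[0], new_password)
    return True

if __name__ == "__main__":
    register("alias@example.test", "password1")  # constructed sample account
    t = forgot_password("alias@example.test")
    print("mail this link token, never the password:", t)
    print("reset ok:", reset_password(t, "a-new-passphrase"))
```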
What does this mean for friendster?
Well, probably not a lot since most people are waving bye-bye to friendster anyway as friendster starts to delete all user data from their servers.
My tip: Don’t delay, delete it today!
Update 02/06/11
Yesterday I emailed friendster to notify them of a serious security concern, today I received this reply:
Thank you for reporting this to us. We take reports like this seriously and we shall make the proper investigation on your concern. Unfortunately, we don’t have a specific time frame on when the investigation will be completed. We apologize for the inconvenience.
Regards,
Frank
Customer Support
P.S. Thanks for your comments, I’m glad I’m not alone. Keep them coming!
I received three similar emails. Either their database has been compromised or the company that recently bought it is selling the data to phishers.
Hi,
I’ve received similar emails, noticed the first yesterday. It’s sent to the email I had registered with Friendster and also contains my Friendster password. A friend of mine has experienced similar 🙁
Yep. I had the same thing just now. Thanks for the cancel account link. Just done that. Seems we should’ve done it earlier though :-/
I reported this to Friendster Support and they’ve said:
“We do not believe that we’ve been hacked but just the same, we take your report seriously. We shall make the proper investigation on your concern. Unfortunately, we don’t have a specific time frame on when the investigation will be completed. We apologize for the inconvenience.”
I’ve also sent them a link to this blog post.
Just had another of these 🙁
Had a couple of others which were in my spam box:
http://pastie.org/pastes/2008775/text
http://pastie.org/pastes/2008780/text
Now on el-reg – http://www.theregister.co.uk/2011/06/02/friendster_password_hack_fears/
I saw some images spreading on Twitter and Instagram that Friendster has been hacked but didn’t spread all the emails and passwords in public, and I saw some hack name named 0nec0r3 or OneCore, something like that.