back to article Friendster password emails spark site hack fears

Multiple users have reported receiving spam emails containing their Friendster password in plain text. The appearance of the suspicious emails to registered Friendster addresses (widely reported by numerous Twitter users on Thursday) has spawned fears that Friendster database might have been hacked. An alternative theory is …

COMMENTS

This topic is closed for new posts.
  1. Inachu
    FAIL

    Friendster used to be the best but now...

    I visited back and the new redesign looks like crap.

  2. Anonymous Coward
    Facepalm

    Bugger confirmation

    If it's your friendster password and it's in plaintext it suggests 1 of two things;

    - Friendster store passwords in plaintext

    OR

    - Friendster uses a non-salted hash

    More likely the former IME. They've some explaining to do regarding that before they even start on how they were compromised!

    Don't use them thankfully, but there needs to be a culture of change regarding storing of passwords. When even the venerable vulture stores in plaintext there's something badly wrong

  3. Anonymous Coward
    Anonymous Coward

    I don't usually compromise my security

    but when I do, I use Friendster

  4. Dan Wilkinson
    FAIL

    Plaintext passwords

    Apparently if you use their password reminder service, it just emails y our the password...so, yeah, plaintext. Nice!

    I got the spam and was wracking my brains as to what it was for. Picked it up on my email which matches email addresses then pulls the name from your address book, so I didn't realise at first that they had used my password as my name other than in the text ("Dear Customer PASSWORD"...)

    Luckily it's clearly spam (From CFX Group in my case), but it's worrying where else the passwords have got to...

  5. Gordan
    WTF?

    Partner leak?

    From the article: "An alternative theory is that a partner of the once massive social networking site might have leaked the data."

    Why on earth would they have given the _passwords_ to a partner? That's a bit WTF. I can understand sharing names and email addresses with partners, but passwords? That's just stupid.

  6. Oninoshiko

    This is a title, it contains letters and/or digits.

    "Even so the site abandoned social networking altogether last month, repositioning as a social gaming site."

    So, exactly like farcebook?

  7. Franklin
    FAIL

    Must contain letters and/or digits

    I got one of those emails. I'd forgotten I even HAD a Friendster account.

    Needless to say, I don't any more. Canceled the account within five minutes of getting the email. And fortunately, I don't use the same password in other places.

This topic is closed for new posts.

Other stories you might like