Friendster used to be the best but now...
I visited back and the new redesign looks like crap.
Multiple users have reported receiving spam emails containing their Friendster password in plain text. The appearance of the suspicious emails to registered Friendster addresses (widely reported by numerous Twitter users on Thursday) has spawned fears that the Friendster database might have been hacked. An alternative theory is …
If it's your Friendster password and it's in plaintext, it suggests one of two things:
- Friendster store passwords in plaintext
OR
- Friendster uses a non-salted hash
More likely the former IME. They've some explaining to do regarding that before they even start on how they were compromised!
Don't use them thankfully, but there needs to be a culture of change regarding storing of passwords. When even the venerable vulture stores in plaintext there's something badly wrong.
Apparently if you use their password reminder service, it just emails you the password...so, yeah, plaintext. Nice!
I got the spam and was wracking my brains as to what it was for. Picked it up on my email which matches email addresses then pulls the name from your address book, so I didn't realise at first that they had used my password as my name other than in the text ("Dear Customer PASSWORD"...)
Luckily it's clearly spam (From CFX Group in my case), but it's worrying where else the passwords have got to...
From the article: "An alternative theory is that a partner of the once massive social networking site might have leaked the data."
Why on earth would they have given the _passwords_ to a partner? That's a bit WTF. I can understand sharing names and email addresses with partners, but passwords? That's just stupid.
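The two storage theories raised in the thread, next to a salted slow hash, as an added example that is not from the article or from any commenter. It shows why an unsalted digest still gives up plaintext to a single precomputed table, and why a salted record cannot be "reminded" back to the user. The account names, passwords, wordlist and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users share a password on purpose.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def store_unsalted(password: str) -> str:
    """Unsalted fast hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt plus a slow KDF; returns (salt, derived_key)."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_salted(password: str, record: tuple[bytes, bytes]) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


def recover_from_unsalted(digests: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """One table built once reverses every matching unsalted digest."""
    table = {store_unsalted(word): word for word in wordlist}
    return {user: table[d] for user, d in digests.items() if d in table}


if __name__ == "__main__":
    leaked = {user: store_unsalted(pw) for user, pw in USERS.items()}
    # Identical digests reveal that alice and bob share a password.
    print("shared digest:", leaked["alice"] == leaked["bob"])
    print("recovered:", recover_from_unsalted(leaked, ["password", "hunter2"]))

    rec_a, rec_b = store_salted("hunter2"), store_salted("hunter2")
    # Same password, different salts, different stored keys.
    print("salted records differ:", rec_a != rec_b)
    print("login check:", verify_salted("hunter2", rec_a))
```

With salted records the only thing a reminder service can do is issue a reset, because the stored value cannot be turned back into the password.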