cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Friendster hacked?

bobpullen
Community Gaffer
Community Gaffer
Posts: 13,582
Thanks: 1,267
Fixes: 103
Registered: ‎04-04-2007

Friendster hacked?

‎02-06-2011 11:39 AM

Looks like friendster.com may have suffered a security breach. More info here.
Found that site after receiving a spam email yesterday containing a password that I commonly use! Shocked

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Message 1 of 12
(4,289 Views)
Reply
0 Thanks
11 REPLIES
dvorak
Moderator
Moderator
Posts: 19,286
Thanks: 2,165
Fixes: 348
Registered: ‎11-01-2008

Re: Friendster hacked?

‎02-06-2011 4:03 PM

never been on friendster... thankfully because after the m&s, play and psn issues would have been the final straw..

Customer / Moderator / If it helped click the thumb / If it fixed it click 'This fixed my problem'

Message 2 of 12
(29 Views)
Reply
0 Thanks
phil4
phil4
Grafter
Posts: 244
Registered: ‎13-12-2007

Re: Friendster hacked?

‎02-06-2011 4:46 PM

http://www.theregister.co.uk/2011/06/02/friendster_password_hack_fears/
Lessons:
a) Don't use the same password for important sites as unimportant.
b) Be wary of what data you put into a system/site.
c) Trust no one.
I guess Bob might now see why people like me have been questioning of PN's own storage/access of details (Eg. the whole "why do the CS people need to ask me my password" debate).
Message 3 of 12
(29 Views)
Reply
0 Thanks
bobpullen
Community Gaffer
Community Gaffer
Posts: 13,582
Thanks: 1,267
Fixes: 103
Registered: ‎04-04-2007

Re: Friendster hacked?

‎03-06-2011 10:32 AM

Quote from: phil4
a) Don't use the same password for important sites as unimportant.

Which I don't thankfully, but I'll admit to using the Friendster password for a lot of eCommerce sites etc. that may/may not store my payment information depending on who they are. I've been compiling a list of passwords I need to change and it's becoming pretty lengthy!
Storing passwords in plain text is a far cry from our support agents having access to your Plusnet credentials (which are fully encrypted and stored in a database that resides on a fully PCI-compliant network).

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Message 4 of 12
(29 Views)
Reply
0 Thanks
gswindale
gswindale
Grafter
Posts: 942
Registered: ‎05-04-2007

Re: Friendster hacked?

‎03-06-2011 12:54 PM

Bob - is it the full password that is requested when customers ring up?
If so, then that is wrong and should be stopped.
You should only ask for certain characters (similar to online banking logins, my mobile phone provider when I ring them up).  That can still be validated against the customer and removes the need for the password to be transmitted "in the clear".
Message 5 of 12
(29 Views)
Reply
0 Thanks
pjmarsh
Superuser
Superuser
Posts: 2,943
Thanks: 647
Fixes: 6
Registered: ‎06-04-2007

Re: Friendster hacked?

‎03-06-2011 1:05 PM

Plusnet have only ever asked me for 2 characters from my password when I've contacted them.
Phil
Message 6 of 12
(29 Views)
Reply
0 Thanks
Mav
Moderator
Moderator
Posts: 18,589
Thanks: 2,888
Fixes: 238
Registered: ‎06-04-2007

Re: Friendster hacked?

‎03-06-2011 1:53 PM

I've only been asked for the last two characters when I've phoned PN.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Message 7 of 12
(29 Views)
Reply
0 Thanks
bobpullen
Community Gaffer
Community Gaffer
Posts: 13,582
Thanks: 1,267
Fixes: 103
Registered: ‎04-04-2007

Re: Friendster hacked?

‎03-06-2011 1:58 PM

Quote from: geofftswin
Bob - is it the full password that is requested when customers ring up?

No, it will typically be two characters as others have alluded to.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Message 8 of 12
(29 Views)
Reply
0 Thanks
gswindale
gswindale
Grafter
Posts: 942
Registered: ‎05-04-2007

Re: Friendster hacked?

‎03-06-2011 2:30 PM

two characters is probably ok, but I am slightly concerned by Mav's post that suggest they're always the last 2 characters.
Message 9 of 12
(29 Views)
Reply
0 Thanks
Denzil
Denzil
Grafter
Posts: 1,733
Registered: ‎31-07-2007

Re: Friendster hacked?

‎03-06-2011 5:24 PM

Nope, when I rang them recently it was some other random combination.
Message 10 of 12
(29 Views)
Reply
0 Thanks
jelv
Community Veteran
Posts: 26,746
Thanks: 959
Fixes: 10
Registered: ‎10-04-2007

Re: Friendster hacked?

‎04-06-2011 11:28 AM

Quote from: Bob
I've been compiling a list of passwords I need to change and it's becoming pretty lengthy!

I've been using http://keepass.info/ for some time now and use it to generate passwords. I don't even try to use passwords I can remember for anything except those I have to key regularly (e.g. Windows password for unlocking the work PC when the screen saver has kicked in).
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Message 11 of 12
(29 Views)
Reply
0 Thanks
phil4
phil4
Grafter
Posts: 244
Registered: ‎13-12-2007

Re: Friendster hacked?

‎05-06-2011 6:24 PM

Quote from: Bob
Quote from: geofftswin
Bob - is it the full password that is requested when customers ring up?

No, it will typically be two characters as others have alluded to.

As mentioned, a couple of times now I've been asked for the full password. 
Message 12 of 12
(29 Views)
Reply
0 Thanks