cancel
Showing results for 
Search instead for 
Did you mean: 

Friendster hacked?

Community Gaffer
Community Gaffer
Posts: 12,858
Thanks: 676
Fixes: 64
Registered: 04-04-2007

Friendster hacked?

Looks like friendster.com may have suffered a security breach. More info here.
Found that site after receiving a spam email yesterday containing a password that I commonly use! Shocked

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

11 REPLIES
Moderator
Moderator
Posts: 17,250
Thanks: 904
Fixes: 104
Registered: 11-01-2008

Re: Friendster hacked?

never been on friendster... thankfully because after the m&s, play and psn issues would have been the final straw..
Will Moderate For Thanks
phil4
Grafter
Posts: 244
Registered: 13-12-2007

Re: Friendster hacked?

http://www.theregister.co.uk/2011/06/02/friendster_password_hack_fears/
Lessons:
a) Don't use the same password for important sites as unimportant.
b) Be wary of what data you put into a system/site.
c) Trust no one.
I guess Bob might now see why people like me have been questioning of PN's own storage/access of details (Eg. the whole "why do the CS people need to ask me my password" debate).
Community Gaffer
Community Gaffer
Posts: 12,858
Thanks: 676
Fixes: 64
Registered: 04-04-2007

Re: Friendster hacked?

Quote from: phil4
a) Don't use the same password for important sites as unimportant.

Which I don't thankfully, but I'll admit to using the Friendster password for a lot of eCommerce sites etc. that may/may not store my payment information depending on who they are. I've been compiling a list of passwords I need to change and it's becoming pretty lengthy!
Storing passwords in plain text is a far cry from our support agents having access to your Plusnet credentials (which are fully encrypted and stored in a database that resides on a fully PCI-compliant network).

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

gswindale
Grafter
Posts: 942
Registered: 05-04-2007

Re: Friendster hacked?

Bob - is it the full password that is requested when customers ring up?
If so, then that is wrong and should be stopped.
You should only ask for certain characters (similar to online banking logins, my mobile phone provider when I ring them up).  That can still be validated against the customer and removes the need for the password to be transmitted "in the clear".
Superuser
Superuser
Posts: 2,515
Thanks: 219
Fixes: 5
Registered: 06-04-2007

Re: Friendster hacked?

Plusnet have only ever asked me for 2 characters from my password when I've contacted them.
Phil
Moderator
Moderator
Posts: 16,548
Thanks: 1,798
Fixes: 125
Registered: 06-04-2007

Re: Friendster hacked?

I've only been asked for the last two characters when I've phoned PN.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Community Gaffer
Community Gaffer
Posts: 12,858
Thanks: 676
Fixes: 64
Registered: 04-04-2007

Re: Friendster hacked?

Quote from: geofftswin
Bob - is it the full password that is requested when customers ring up?

No, it will typically be two characters as others have alluded to.

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

gswindale
Grafter
Posts: 942
Registered: 05-04-2007

Re: Friendster hacked?

two characters is probably ok, but I am slightly concerned by Mav's post that suggest they're always the last 2 characters.
Denzil
Grafter
Posts: 1,733
Registered: 31-07-2007

Re: Friendster hacked?

Nope, when I rang them recently it was some other random combination.
Community Veteran
Posts: 26,374
Thanks: 630
Fixes: 8
Registered: 10-04-2007

Re: Friendster hacked?

Quote from: Bob
I've been compiling a list of passwords I need to change and it's becoming pretty lengthy!

I've been using http://keepass.info/ for some time now and use it to generate passwords. I don't even try to use passwords I can remember for anything except those I have to key regularly (e.g. Windows password for unlocking the work PC when the screen saver has kicked in).
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
phil4
Grafter
Posts: 244
Registered: 13-12-2007

Re: Friendster hacked?

Quote from: Bob
Quote from: geofftswin
Bob - is it the full password that is requested when customers ring up?

No, it will typically be two characters as others have alluded to.

As mentioned, a couple of times now I've been asked for the full password.