Names Changed to Protect the Guilty

3 Jul 2012

, ,


This came to me via one of my clients – they were talking about problems they’d had with another web developer.

The site in question is a standard ecommerce site where users have to register as part of the checkout process, and login to get downloads, and special discounts. Problem started when the site owner got this email from one of their customers.

I want to report that your site is NOT secure.
I had forgotten my password. So I did a Google search to see if I can find the webpage on how to re-set it.
Guess what? Someone has hacked your site and obtained all the passwords and email addresses and posted them online.
Sure enough, I found my email … and my forgotten password.

Basically, some script kiddies had hacked the site and posted all email addresses and passwords online with lots of (in)appropriate “ha ha, we got you good!” messages

Read More