As a popular destination for many that are involved with USENET, DSLReports.com has long been a haven to discuss news and information in their dedicated newsgroups online forums. If you are one of them, you may want to take another visit and change your information on the site.
DSLReports.com has reported today that their e-mail addresses and passwords may have been exposed during an attack on the Web site earlier this week.
Over a period of four hours on Wednesday, an automated SQL Injection attack leeched plain text passwords and email addresses from DSLReports.com. The attack created a good deal of noise, causing connection issues and brief outages, but by the time it was discovered, nearly 8-percent of the database had been ransacked. How many of the users information that were part of the USENET related forums are still not known.
Justin Beech, founder of DSLReports.com, wrote in an e-mail to members:
“The data was taken on Wednesday afternoon, recognized and blocked at 7 p.m., and by Wednesday evening all the active accounts received e-mail notifications advising them to change their password if they share it with that e-mail address and all passwords were changed at that time,” he wrote. “My hope is that few if any members will actually lose more than time to change passwords that they share among other sites.”
There has been some flack given to Beech over his method of storing passwords. Given the age of the site, it is likely that the password system is a legacy system. Updates to it would have required large investments in hardware and development. These investments are costly, and it is possible DSLReports.com simply did not have the funds or development team in place to take on the project. They have little choice in the matter now.
“Obviously having both an SQL injection attack hole (now closed) and plain text passwords is a big black eye, and I’ll be addressing these problems as fast, but as carefully, as I can,” Beech wrote. “My apology for any stress this causes. If you are like me you’ve also got the PSN network issue hanging over your head as well.”
The news comes on the heels of a large data breach at Sony PlayStation Network that potentially affects 77 million accounts that had previously been reported on gaming newsgroups, PS3 newsgroups and PSN newsgroups. Sony says customer names, passwords, addresses, e-mail addresses, birthdays and user names were exposed, but can not say whether or not credit card information is at risk.
The error in keeping the information encrypted is an issue that is being resolved at DSLReports.com and ThunderNews.com recommends that any users of the site should login and change their passwords.