Friendster password emails spark site hack fears
Blast from the social networking past
Multiple users have reported receiving spam emails containing their Friendster password in plain text.
The appearance of the suspicious emails to registered Friendster addresses (widely reported by numerous Twitter users on Thursday) has spawned fears that the Friendster database might have been hacked. An alternative theory is that a partner of the once massive social networking site might have leaked the data.
All this remains unconfirmed. We've asked Friendster for a response but are yet to hear back.
We ran an early blog report explaining the suspicious emails past net security firm Sophos: it said that although any individual report might be circumstantial, the collective weight of reports leaves Friendster with some explaining to do.
In the meantime users who received the suspicious emails would be well advised to change their passwords, especially if they used their Friendster password on other sites.
Friendster was one of the original social networking websites but its position was usurped by MySpace and Facebook, at least in the West, where it has since become a topic of parody. The site remained popular in Asia.
Even so the site abandoned social networking altogether last month, repositioning as a social gaming site. ®
If it's your Friendster password and it's in plaintext it suggests one of two things:
- Friendster store passwords in plaintext
- Friendster uses a non-salted hash
More likely the former IME. They've some explaining to do regarding that before they even start on how they were compromised!
Don't use them thankfully, but there needs to be a culture of change regarding storing of passwords. When even the venerable vulture stores in plaintext there's something badly wrong.
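The two storage schemes named in the comment above, set beside a salted slow-hash alternative, as an added example that is not part of the original thread and is not Friendster's code. The sample records, the common-password list, SHA-1 as the unsalted digest and the PBKDF2 iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def store_unsalted(password):
    """Bare digest: the same password always yields the same stored value."""
    return hashlib.sha1(password.encode()).hexdigest()

def store_salted(password):
    """Per-user random salt plus a slow KDF, stored as salt$derived_key."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${key.hex()}"

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, key_hex = record.split("$")
    key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                              bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(key.hex(), key_hex)

def audit(records, common_passwords):
    """Report what a leaked copy of each stored record would expose."""
    precomputed = {store_unsalted(p): p for p in common_passwords}
    findings = {}
    for user, stored in records.items():
        if stored in common_passwords:
            findings[user] = "plaintext"
        elif stored in precomputed:
            findings[user] = "unsalted, reversed by one lookup"
        else:
            findings[user] = "not reversed by lookup"
    return findings

# Constructed sample data: five accounts sharing one weak password.
COMMON = ["123456", "password", "qwerty"]
RECORDS = {
    "alice": "qwerty",                  # plaintext column
    "bob": store_unsalted("qwerty"),    # unsalted digest
    "carol": store_unsalted("qwerty"),  # identical to bob's record
    "dave": store_salted("qwerty"),     # salted: differs from erin's
    "erin": store_salted("qwerty"),
}

if __name__ == "__main__":
    for user, finding in audit(RECORDS, COMMON).items():
        print(f"{user:6} {finding}")
```

Identical stored values for different accounts, as with the bob and carol records here, are a quick sign in a schema review that no per-user salt is in use.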
I don't usually compromise my security
but when I do, I use Friendster
Must contain letters and/or digits
I got one of those emails. I'd forgotten I even HAD a Friendster account.
Needless to say, I don't any more. Canceled the account within five minutes of getting the email. And fortunately, I don't use the same password in other places.