[solved] If you're a customer of Intl-Outdoor there is the possibility that your data is online

Well, I guess it would be possible to extract all hash keys from the file automatically at once, e.g. with a clever text editor or mma, and then feed the list of MD5s to Google webpages such as hash-cracker.com, but I don't believe that any of us flashaholics is up to the task. Besides, since MD5s are irreversible, the password would have to be in the database of 700 mio strings already. If your password is really unique, e.g. the string kreisler, then the MD5 could not be decrypted ;)

And now..

..gimme da hash!!

;) hehe

Yeah, whoever downloaded the page could have easily gotten everything... At this point I don't see a need to shop at Intl-Outdoor again, they put my public information out on the web. I think someone needs to crack the hashes and fill in all of the info including passwords and send that on to Intl-Outdoor to point out how insecure it was.

Hmmm, I thought I paid with Paypal, am I compromised too?

Is the data still available?

Still available… just search their URL for the keyword sql and you get the database backup.

Mine isn’t there anymore.

NEVER EVER specify a public folder as output for the backup routine of a webserver.
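An added example, not part of the original thread: a small audit that walks a web document root and flags files that look like database backups, by file name or by SQL markers in the first bytes (including gzip-compressed files). The suffix list, the marker list and the sample directory are assumptions constructed for illustration.

```python
import gzip
import os
import tempfile
import zlib

# Assumed heuristics (not from the thread): typical dump file names and SQL markers.
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.bz2", ".sql.zip", ".dump", ".bak")
DUMP_MARKERS = (b"-- MySQL dump", b"INSERT INTO", b"CREATE TABLE")


def _head(path, size=4096):
    """Return the first bytes of a file, decompressing gzip content if present."""
    try:
        with open(path, "rb") as fh:
            is_gzip = fh.read(2) == b"\x1f\x8b"
        with (gzip.open if is_gzip else open)(path, "rb") as fh:
            return fh.read(size)
    except (OSError, EOFError, zlib.error):
        return b""  # unreadable or corrupt file: nothing to sniff


def find_exposed_dumps(docroot):
    """List (relative path, reason) for files under docroot that look like DB backups."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            by_name = name.lower().endswith(DUMP_SUFFIXES)
            head = b"" if by_name else _head(path)
            if by_name or any(marker in head for marker in DUMP_MARKERS):
                reason = "name" if by_name else "content"
                findings.append((os.path.relpath(path, docroot), reason))
    return sorted(findings)


def demo():
    """Scan a constructed document root: a page, a dump, and a renamed gzip dump."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "backup"))
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<html>shop</html>")
        with open(os.path.join(root, "backup", "shop.sql"), "w") as fh:
            fh.write("INSERT INTO `customers` VALUES('1','constructed');")
        with gzip.open(os.path.join(root, "backup", "data.txt.gz"), "wb") as fh:
            fh.write(b"-- MySQL dump (constructed)\nCREATE TABLE t (id INT);")
        return find_exposed_dumps(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"backup candidate under web root: {rel} (matched by {reason})")
```

Any finding means a backup is sitting where the web server can serve it; the fix is to write backups to a directory outside the document root.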

Damn, the SQL list is still there but at a different URL. :'( Intl-outdoor has really screwed up, but at least it doesn't show up when you search last name site:intl-outdoor.com.

It's still available to everyone; that is what counts.
Only Google has done its homework, IO has not.
That’s really embarrassing.

I have forgotten my password to IO so many times I end up resetting it every time I make an order… and then forget about changing it lol.

If you want to know your password you could just look it up in the tables.

Any word from Intl-Outdoor yet?

Aren’t they out for CNY? If so, there may not be anyone to deal with this :expressionless:

I've seen Hank on Gmail messenger… you could try that.

Yeap, I saw it.
Why is the subject “solved”? The data is still available. In addition I can see some amounts of the transactions.

I'm not seeing any transactions, just: full name, address, phone number, email, and an encrypted version of their password.

For example:

INSERT INTO `orders_status_history` VALUES('4611','1538','2','2012-03-20 16:02:29','0','Transaction ID: 5YU21003UL582231C nPayment Type: PayPal Express Checkout (instant) nTimestamp: 2012-03-20T23:02:28Z nPayment Status: Completed nAmount: 92.00 USD ');

Fancy trying graham Entwistles phone number? Just for a giggle.

Damn, you're right. At least there is no way for them to release the PayPal account's password as they never get it. ;) I also found IP addresses.

I just had a phone call, someone trying to sell me paisley…….