[solved] If you're a customer of Intl-Outdoor there is the possibility that your data is online

jmpaul320 · February 15, 2013, 9:44pm

i have forgotten my password to IO so many times i end up resetting it everytime i make an order… and then forget about changing it lol.

scaru · February 15, 2013, 9:50pm

If you want to know your password you could just look it up in the tables.

CM2010 · February 15, 2013, 9:52pm

Any word from int-outdoors yet?

gords1001 · February 15, 2013, 10:00pm

Aren’t they out for cny? If so, there may not be anyone to deal with this

jmpaul320 · February 15, 2013, 10:02pm

ive seen hank on gmail messenger… you could try that

wikiman · February 15, 2013, 10:54pm

Yeap, I saw it.
Why the subject is “solved”? Data are still available. In addition I can see some amounts of the transactions.

scaru · February 15, 2013, 11:02pm

I'm not seeing any transactions, just: full name, address, phone number, email, and a encrypted version of their password.

wikiman · February 15, 2013, 11:07pm

For example:

INSERT INTO `orders_status_history` VALUES(‘4611’,‘1538’,‘2’,’2012-03-20

16:02:29’,‘0’,’Transaction ID: 5YU21003UL582231C nPayment Type: PayPal

Express Checkout (instant) nTimestamp: 2012-03-20T23:02:28Z nPayment

Status: Completed nAmount: 92.00 USD ’);

gords1001 · February 15, 2013, 11:13pm

Fancy trying graham Entwistles phone number? Just for a giggle.

scaru · February 15, 2013, 11:23pm

Damn, you're right. At least there is no way for them to release the paypal account's password as they never get it. ;) I also found IP addresses.

Hopback · February 15, 2013, 11:28pm

I just had a phone call, someone trying to sell me paisley…….

Pulsar · February 15, 2013, 11:30pm

i like a hint of paisley on my spam in the morning… is that shiz easy to grow???

ri_chevy · February 16, 2013, 12:11am

I can’t come up with anything. Do you have to log in? How does one enter sql into the search?

brad · February 16, 2013, 12:49am

If you find out, let me know, I pm-d someone to ask them but didn’t get through.

scaru · February 16, 2013, 1:04am

Guys, as someone who knows this stuff I'm not going to share a link. Much better if less people find it.

wikiman · February 16, 2013, 1:10am

I agree.

scaru · February 16, 2013, 1:11am

I have sent PMs to a few of the people above but here my official response is.

Sorry, but I’m not going to share a link to the info just because I would prefer for less people to know about it. If you have purchased from IO your: full name, address, phone number, email registered with them, paypal email, paypal transaction ID #, IP address, shipping option, currency paid in, and a encrypted version of your password are all on it.

Sorry,

David

sb56637 · February 16, 2013, 1:18am

Yeah, this isn’t good. I just Googled and quickly found a 32 megabyte SQL dump file of what is probably their entire database, still available on their site.

I just edited their BLF rating page and removed the “Recommended” badge…

scaru · February 16, 2013, 1:21am

Yeah, someone has really screwed up in their case. Thanks for doing that, I was going to suggest it anyways. ;)

jmpaul320 · February 16, 2013, 1:22am

meh…. i should probably change all 308,938,392 of my online passwords now right?

its been a while since i changed everything… i dont use the same thing for everything though… i recently changed my intl outdoor pass because i forgot it … but who knows when the sql dump is from