[solved] If you're a customer of Intl-Outdoor there is the possibility that your data is online

For example:

INSERT INTO `orders_status_history` VALUES(‘4611’,‘1538’,‘2’,’2012-03-20

16:02:29’,‘0’,’Transaction ID: 5YU21003UL582231C nPayment Type: PayPal

Express Checkout (instant) nTimestamp: 2012-03-20T23:02:28Z nPayment

Status: Completed nAmount: 92.00 USD ’);

Fancy trying graham Entwistles phone number? Just for a giggle.

Damn, you're right. At least there is no way for them to release the paypal account's password as they never get it. ;) I also found IP addresses.

I just had a phone call, someone trying to sell me paisley…….

i like a hint of paisley on my spam in the morning… is that shiz easy to grow???

I can’t come up with anything. Do you have to log in? How does one enter sql into the search?

If you find out, let me know, I pm-d someone to ask them but didn’t get through.

Guys, as someone who knows this stuff I'm not going to share a link. Much better if less people find it.

I agree.

I have sent PMs to a few of the people above but here my official response is.

Sorry, but I’m not going to share a link to the info just because I would prefer for less people to know about it. If you have purchased from IO your: full name, address, phone number, email registered with them, paypal email, paypal transaction ID #, IP address, shipping option, currency paid in, and a encrypted version of your password are all on it.

Sorry,

David

Yeah, this isn’t good. I just Googled and quickly found a 32 megabyte SQL dump file of what is probably their entire database, still available on their site.

I just edited their BLF rating page and removed the “Recommended” badge…

Yeah, someone has really screwed up in their case. Thanks for doing that, I was going to suggest it anyways. ;)

meh…. i should probably change all 308,938,392 of my online passwords now right?

its been a while since i changed everything… i dont use the same thing for everything though… i recently changed my intl outdoor pass because i forgot it … but who knows when the sql dump is from

Well that sucks, I didn’t use a password that is used elsewhere and my info is all over anyways… I’m not really worried but it’s still disheartening to see this happen in what used to be a moderately trusted business. Such is the reality of the web nowadays, things are never completely secure (Which is why I’m never completely trusting, least here on the webs).

I do, actually. It’s clearly labelled with the date of the dump. I won’t mention it here to avoid making it easier to find, though.

ok… i guess its time to change my passwords just to be safe then

As a BLF member who has purchased from the company, I would like it if someone would PM me the method, or link to access my data that they are saying is on the internet, and which they are looking at.

And as BLF member who thinks it is for the best for as few people as possible to know about this stuff, I would encourage anyone who found it to refrain from doing that.

I’m still waiting on that phone call, scaru, your no fun… :bigsmile:

I do hope that someone has enough integrity to pm me the link rather than patronize me and treat me as an outsider.