In the German flashlight forum TLF, members reported that their data is among the Google search results, obviously some kind of data backup of the intl-outdoor online store, that includes:
- name
- address
- billing amount
- some reported that a password hash is written in cleartext
If you use your password for several accounts all over the internet, you should consider changing it.
Members reported that they contacted I-O already.
Don’t write me a PM, I’m not a customer of I-O and can’t share a link to the aforementioned backup data.
EDIT:
Members reported that the link to the data is dead for now.
15-FEB-2013: Still available
Problem seems to be solved since 15th of February.
I just googled a few different ways, couldn’t find myself, wish I could speak German so I knew what to search for…
http://theflashlightforum.com/index.php
http://www.thevapingforum.com/index.php
My LED comparison thread with links.
Tint, Binning, and CRI Explanation (For the XM-L)
http://budgetlightforum.com/node
Intl Outdoor has removed the site now, but I suggest you change your passwords on other sites if you used the same combination of email and password elsewhere.
Also, I knew what to search for but didn't find myself.
-The vulnerability has been fixed. You can no longer directly access the information.
As somebody might still have extracted the database before, it’s recommended that you change your passwords if you are using the same password for other websites or services.
-
/edit
seems that the info is still accessible
Nothing to find about me. By the means of the internet I don’t even exist.
Thank you Nightcrawl and Pöbel !
visit my photostream:
http://www.flickr.com/photos/absolute_rookie/
Thanks for the heads up guys, I’ll change my passwords but there’s no billing data on there I don’t think, unless PayPal has been hacked, either way, good luck getting cash out of my account, I can’t lol.
no, there has been no billing data!
Just Name, Address, E-Mail and possibly the PW hash.
Yeah, mine is still out there.
Yep still available…now I have stolen all your identities…muhhaaaw >)
How do you change your password? Can't find a link on the site.
I'll add that it only shows up in Google search, the hole in their system seems to have been fixed. Can anyone confirm my theory that before you could download a SQL file with everyone's info in it?
Yes, that is exactly what happened. You could download the whole file directly from their site. They responded swiftly to the mails and took it down, but still this should not have happened in the first place.
Somebody should submit a Google takedown request to get that data removed from Google’s cache.
http://www.google.com/dmca.html
I imagine the request would be processed faster if the site owner (Intl-Outdoor) were to submit the request. Maybe somebody could suggest this to them.
Budget Light Forum ...where Frugal meets with Flashlight!
I forwarded a link to SB’s post directly to Hank.
Still available (not with Google) and now I know the addresses of you guys so we can shut down the forum and write old school letters?…
I request a password before every order so I have no issues with that.
How are you guys seeing this stuff? I tried searching via google but come up blank.
Ohhh boy…
I don't use the same user / password on ANY 2 sites over the net.
And I can assure, there are a TON of them. I keep a list of passwords.
I just changed my IOS password, but have no idea what the old one was. I know that my BLF password is as complex a password as I use (because I have to use capitals, numbers, punctuation etc.), but again, have no idea what it is, and can’t remember how or where to check what passwords Windows 7 stores for me.
Changing the PW at IO doesn't make any sense because your old password was visible..
Quote before it's gone.
Well, people now go crazy about "I have to change my password at IO so nothing bad happens to other sites".. fact is, that the old password was visible and someone probably saved them. That's why I said: change the password on other sites where you used the same email/password combination.
Copy that?
Maybe I should have written "Changing the PW only at IO..".
If you still don't understand, I'll explain it to you via PM in German (because obviously your English skills are non-existent *troll the troll*)
I like it.
djozz quotes, "it came with chinese lettering that is chinese to me".
"My man mousehole needs one too"
old4570 said "I'm not an expert , so don't suffer from any such technical restrictions".
Old-Lumens. Highly admired and cherished member of Budget Light Forum. 11.5.2011 - 20.12.16. RIP.
Why write a PM, now you can send a postcard to the address from the customer database……
And we should demand some discount for this dumb backup…a free gift for everyone
It was encrypted, but I guess if you had one clear-type password (for example your own) and the matching hash key, you could find out how to decrypt the rest. Not too hard..
Well, I guess it would be possible to extract all hash keys from the file automatically at once, e.g. with a clever text editor or mma, and then feed the list of MD5's to Google webpages such as hash-cracker.com, but I don't believe that any of us flashaholics is up to the task. Besides, since MD5's are irreversible, the password would have to be in the database of 700 million strings already. If your password is really unique, e.g. the string kreisler, then the MD5 could not be decrypted.
And now..
..gimme da hash!!
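Added example, not part of any post in this thread: a Python sketch of the point made above about unsalted MD5 and lookup databases, next to a salted, slow alternative. The e-mail addresses, passwords and word list are constructed, and PBKDF2-HMAC-SHA256 with the iteration count shown is an assumed replacement scheme, not something the store is known to use.

```python
import hashlib
import hmac
import os

# Constructed sample records (not taken from the leaked data).
CUSTOMERS = {
    "alice@example.com": "flashlight1",
    "bob@example.com": "flashlight1",   # same password as alice
    "carol@example.com": "kreisler",    # not in the common-password list below
}
COMMON_PASSWORDS = ["123456", "password", "flashlight1"]  # constructed list
ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example


def md5_unsalted(password: str) -> str:
    """Weak scheme discussed in the thread: one fast, unsalted MD5."""
    return hashlib.md5(password.encode()).hexdigest()


def exposed_by_lookup(dump: dict, wordlist: list) -> set:
    """Accounts whose unsalted hash appears in a precomputed table."""
    table = {md5_unsalted(word) for word in wordlist}
    return {email for email, digest in dump.items() if digest in table}


def hash_salted(password: str, salt: bytes = None) -> tuple:
    """Hardened scheme: per-user random salt plus a slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], digest)


if __name__ == "__main__":
    md5_dump = {email: md5_unsalted(pw) for email, pw in CUSTOMERS.items()}
    print("same MD5 for same password:",
          md5_dump["alice@example.com"] == md5_dump["bob@example.com"])
    print("found by table lookup:",
          sorted(exposed_by_lookup(md5_dump, COMMON_PASSWORDS)))
    a, b = hash_salted("flashlight1"), hash_salted("flashlight1")
    print("salted digests differ:", a[1] != b[1])
    print("verify ok:", verify_salted("flashlight1", *a))
```

With unsalted MD5, every account sharing a common password falls to the same table entry; with a per-user salt the two digests for the same password differ, so a precomputed table does not apply.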
Yeah, whoever downloaded the page could have easily gotten everything... At this point I don't see a need to shop at Intl-Outdoor again, they put my public information out on the web. I think someone needs to crack the hashes and fill in all of the info including passwords and send that on to Intl-Outdoor to point out how insecure it was.
Hmmm, I thought I paid with Paypal, am I compromised too?
Is the data still available?
Enjoy BLF