I just googled a few different ways, couldn’t find myself, wish I could speak German so I knew what to search for…

gords1001 wrote:

I just googled a few different ways, couldn't find myself, wish I could speak German so I knew what to search for...

Intl Outdoor has removed the site now, but I suggest you change your passwords on other sites if you used the same combination of email and password elsewhere.

Also, I knew what to search for but didnt find myself.

-The vulnerability has been fixed. You can no longer directly access the information.

As somebody might still have extracted the database before, it’s recommended that you change your passwords if you are using the same passwort for other websites or services.
-

/edit

seems that the info is still accessible

Nothing to find about me. My the means of the internet I don’t even exist.

Thanks for the heads up guys, I’ll change my passwords but there’s no billing data on there I don’t think, unless PayPal has been hacked, either way, good luck getting cash out of my account, I can’t lol.

no, there has been no billing data!

Just Name, Address, E-Mail and possibly the PW hash.

Yeah, mine is still out there.

Yep still available…now I have stolen all your identities…muhhaaaw >)

How do you change your password can't find a link on the site?

I'll add that it only shows up in google search, the whole in their system seems to have been fixed. Can anyone confirm my theory that before you could download a SQL file with everyones info in it?

scaru wrote:

I’ll add that it only shows up in google search, the whole in their system seems to have been fixed. Can anyone confirm my theory that before you could download a SQL file with everyones info in it?

yes, that is exactly what happend. You could download the whole file directly from their site. They responded swiftly to the mails and took it down, but still this should not have happend in the first place.

Somebody should submit a Google takedown request to get that data removed from Google’s cache.
http://www.google.com/dmca.html
I imagine the request would be processed faster if the site owner (Intl-Outdoor) were to submit the request. Maybe somebody could suggest this to them.

leaftye wrote:

sb56637 wrote:

Somebody should submit a Google takedown request to get that data removed from Google’s cache. http://www.google.com/dmca.html I imagine the request would be processed faster if the site owner (Intl-Outdoor) were to submit the request. Maybe somebody could suggest this to them.

Done, but via feedback.

I forwarded a link to SB’s post directly to Hank.

Still available(not with google) and now I know the addresses of you guys so we can shut down the forum and write old school letters?…

I request a password before every order so I have no issues with that.

How are you guys seeing this stuff?  I tried searching via google but come up blank.

Ohhh boy…

I don´t use same user / password in ANY 2 sites over the net.
And I can assure, there are a TON of them. I keep a list of passwords.

I just changed my IOS password, but have no idea what the old one was. I know that my BLF password is as complex a password as I use (because I have to use capitals, numbers, punctuation etc, but again, have no idea what it is, and can’t remember how or where to check what passwords Windows 7 stores for me.

Changing the PW at IO doesnt make any sense because your old password was visible..

kreisler wrote:

NightCrawl wrote:

Changing the PW at IO doesnt make any sense because your old password was visible..

this phrase of yours doesnt make sense to me simone

Quote before its gone.

Well, people now go crazy about "I have to change my password at IO so nothing bad happens to other sites".. fact is, that the old password was visible and someone probably saved them. Thats why I said: change the password on other sites where you used the same email/password combination.

Copy that?

kreisler wrote:

NightCrawl wrote:

Well, people now go crazy about "I have to change my password at IO so nothing bad happens to other sites".. fact is, that the old password was visible and someone probably saved them. Thats why I said: change the password on other sites where you used the same email/password combination.

this is kinda understand.

NightCrawl wrote:

Changing the PW at IO doesnt make any sense because your old password was visible..

this is still dont understand

 

never mind so far. thanks!

Maybe I should have written "Changing the PW only at IO..".

If you still dont understand, I'll explain it to you via PM in German (because obviously your english skills are non-existent *troll the troll*)

If you still dont understand, I'll explain it to you via PM in German (because obviously your english skills are non-existent *troll the troll*) 

I like it.

Why writing a Pm, now you can send a postcard to the address from the customer database……

And we should demand some discount for this dumb backup…a free gift for everyone

kreisler wrote:

"Changing the PW at IO doesnt make any sense because your old password was not visible."

that sounds logical to me: if the PW was encrypted in the file, then it is secure and doesnt need to be changed!

 

NightCrawl wrote:

Maybe I should have written "Changing the PW only at IO..".

ok, that makes more sense too.

It was encrypted, but I guess if you had one clear-type password (for example your own) and the matching hash key, you could find out how to decrypt the rest. Not too hard..

NightCrawl wrote:

and the matching hash key, you could find out how to decrypt the rest. Not too hard..

well i guess it would be possible to extract all hash keys from the file automatically at once, e.g. with a clever text editor or mma, and then feed the list of MD5's to google webpages such as hash-cracker.com but i dont believe that any of us flashaholics is up to the task. besides, since MD5's are irreversible, the password would have to be in the database of 700 mio strings already. if your password is really unique e.g. the string kreisler then the MD5 could not be decrypted

And now..

..gimme da hash!!

hehe

Yeah, who ever downloaded the page could have easily gotten everything... At this point I don't see a need to shop at Intl-Outdoor again, they put my public information out on the web. I think someone needs to crack the hashes and fill in all of the info including passwords and send that on to Intl-Outdoor to point out how insecure it was. 

Hmmm, I thought I paid with Paypal, am I compromised too?

Is still the data available?