[solved] If you're a customer of Intl-Outdoor there is the possibility that your data is online

103 posts / 0 new
Last post
Werner
Werner's picture
Offline
Last seen: 2 years 3 months ago
Joined: 10/19/2012 - 15:00
Posts: 3679
Location: Germany

still available….just search there url for the keyword sql and you get the databasebackup.

scaru
scaru's picture
Offline
Last seen: 5 years 1 month ago
Joined: 03/22/2012 - 13:36
Posts: 6946
Location: Virginia

Werner wrote:
still available....
Mine isn't there anymore. 
Steve_the_Chief
Steve_the_Chief's picture
Offline
Last seen: 2 years 9 months ago
Joined: 11/19/2011 - 06:12
Posts: 597
Location: Germany

NEVER EVER specify a public folder as output for the backup routine of a webserver Yell

scaru
scaru's picture
Offline
Last seen: 5 years 1 month ago
Joined: 03/22/2012 - 13:36
Posts: 6946
Location: Virginia

Damn, the SQL list is still there but at a different URL. :'( Intl-outdoor has really screwed up, but atleast it doesn't show up when you search last name site:intl-outdoor.com. 

Werner
Werner's picture
Offline
Last seen: 2 years 3 months ago
Joined: 10/19/2012 - 15:00
Posts: 3679
Location: Germany

its still available to everyone that is what counts.
Just Google has made their homework IO not.
That’s really embarrassing

jmpaul320
jmpaul320's picture
Offline
Last seen: 1 month 6 days ago
Joined: 05/22/2012 - 09:06
Posts: 4189
Location: CT

i have forgotten my password to IO so many times i end up resetting it everytime i make an order… and then forget about changing it lol.

Would you mind keeping the wrong flashlight?
Best wish, May
Tmart service team

 

Soumil wrote:

PLEASE HELP ME GEARBEsT! IM LITERALLY CRYING!

 

scaru
scaru's picture
Offline
Last seen: 5 years 1 month ago
Joined: 03/22/2012 - 13:36
Posts: 6946
Location: Virginia

jmpaul320 wrote:
i have forgotten my password to IO so many times i end up resetting it everytime i make an order... and then forget about changing it lol.

If you want to know your password you could just look it up in the tables. Yell

CM2010
Offline
Last seen: 10 hours 15 sec ago
Joined: 07/19/2012 - 05:48
Posts: 674

Any word from int-outdoors yet?

gords1001
gords1001's picture
Offline
Last seen: 3 years 7 months ago
Joined: 05/07/2012 - 14:02
Posts: 5276
Location: wigan england

Aren’t they out for cny? If so, there may not be anyone to deal with this Flat Stare

jmpaul320
jmpaul320's picture
Offline
Last seen: 1 month 6 days ago
Joined: 05/22/2012 - 09:06
Posts: 4189
Location: CT
gords1001 wrote:
Aren’t they out for cny? If so, there may not be anyone to deal with this Flat Stare

ive seen hank on gmail messenger… you could try that

Would you mind keeping the wrong flashlight?
Best wish, May
Tmart service team

 

Soumil wrote:

PLEASE HELP ME GEARBEsT! IM LITERALLY CRYING!

 

wikiman
wikiman's picture
Offline
Last seen: 2 years 2 months ago
Joined: 01/15/2013 - 16:48
Posts: 91
Location: Poland
jmpaul320 wrote:
gords1001 wrote:
Aren’t they out for cny? If so, there may not be anyone to deal with this Flat Stare

ive seen hank on gmail messenger… you could try that

Yeap, I saw it.
Why the subject is “solved”? Data are still available. In addition I can see some amounts of the transactions.

scaru
scaru's picture
Offline
Last seen: 5 years 1 month ago
Joined: 03/22/2012 - 13:36
Posts: 6946
Location: Virginia

wikiman wrote:
jmpaul320 wrote:
gords1001 wrote:
Aren't they out for cny? If so, there may not be anyone to deal with this :|
ive seen hank on gmail messenger... you could try that
Yeap, I saw it. Why the subject is "solved"? Data are still available. In addition I can see some amounts of the transactions.

I'm not seeing any transactions, just: full name, address, phone number, email, and a encrypted version of their password. 

wikiman
wikiman's picture
Offline
Last seen: 2 years 2 months ago
Joined: 01/15/2013 - 16:48
Posts: 91
Location: Poland

For example:

INSERT INTO `orders_status_history` VALUES(‘4611’,‘1538’,‘2’,‘2012-03-20

16:02:29’,‘0’,‘Transaction ID: 5YU21003UL582231C nPayment Type: PayPal

Express Checkout (instant) nTimestamp: 2012-03-20T23:02:28Z nPayment

Status: Completed nAmount: 92.00 USD ‘);

gords1001
gords1001's picture
Offline
Last seen: 3 years 7 months ago
Joined: 05/07/2012 - 14:02
Posts: 5276
Location: wigan england

Fancy trying graham Entwistles phone number? Just for a giggle.

scaru
scaru's picture
Offline
Last seen: 5 years 1 month ago
Joined: 03/22/2012 - 13:36
Posts: 6946
Location: Virginia

wikiman wrote:
For example: INSERT INTO `orders_status_history` VALUES('4611','1538','2','2012-03-20 16:02:29','0','Transaction ID: 5YU21003UL582231C nPayment Type: PayPal Express Checkout (instant) nTimestamp: 2012-03-20T23:02:28Z nPayment Status: Completed nAmount: 92.00 USD ');

Damn, you're right. At least there is no way for them to release the paypal account's password as they never get it. Wink I also found IP addresses. Yell

Hopback
Hopback's picture
Offline
Last seen: 5 years 2 months ago
Joined: 04/19/2012 - 15:32
Posts: 564
Location: West Sussex

I just had a phone call, someone trying to sell me paisley…….

Pulsar
Pulsar's picture
Offline
Last seen: 4 months 4 weeks ago
Joined: 07/29/2011 - 00:41
Posts: 5848
Location: Maine

Hopback wrote:
I just had a phone call, someone trying to sell me paisley…….

i like a hint of paisley on my spam in the morning… is that shiz easy to grow???
ri chevy
Offline
Last seen: 10 months 4 weeks ago
Joined: 11/26/2011 - 20:50
Posts: 782
Location: Ocean State

I can’t come up with anything. Do you have to log in? How does one enter sql into the search?

brad
brad's picture
Offline
Last seen: 4 hours 10 min ago
Joined: 12/04/2012 - 02:07
Posts: 2411
Location: USA
ri chevy wrote:
I can’t come up with anything. Do you have to log in? How does one enter sql into the search?

If you find out, let me know, I pm-d someone to ask them but didn’t get through.

Not what we have but what we enjoy, constitutes our abundance.

scaru
scaru's picture
Offline
Last seen: 5 years 1 month ago
Joined: 03/22/2012 - 13:36
Posts: 6946
Location: Virginia

Guys, as someone who knows this stuff I'm not going to share a link. Much better if less people find it. 

wikiman
wikiman's picture
Offline
Last seen: 2 years 2 months ago
Joined: 01/15/2013 - 16:48
Posts: 91
Location: Poland
scaru wrote:

Guys, as someone who knows this stuff I’m not going to share a link. Much better if less people find it. 

I agree.

scaru
scaru's picture
Offline
Last seen: 5 years 1 month ago
Joined: 03/22/2012 - 13:36
Posts: 6946
Location: Virginia

I have sent PMs to a few of the people above but here my official response is. 

Sorry, but I’m not going to share a link to the info just because I would prefer for less people to know about it. If you have purchased from IO your: full name, address, phone number, email registered with them, paypal email, paypal transaction ID #, IP address, shipping option, currency paid in, and a encrypted version of your password are all on it.

Sorry, 

David

sb56637
sb56637's picture
Offline
Last seen: 4 hours 41 min ago
Joined: 01/08/2010 - 09:29
Posts: 7141
Location: The Light

Yeah, this isn’t good. I just Googled and quickly found a 32 megabyte SQL dump file of what is probably their entire database, still available on their site.

I just edited their BLF rating page and removed the “Recommended” badge…

Budget Light Forum ...where Frugal meets with Flashlight!

scaru
scaru's picture
Offline
Last seen: 5 years 1 month ago
Joined: 03/22/2012 - 13:36
Posts: 6946
Location: Virginia

sb56637 wrote:
Yeah, this isn't good. I just Googled and quickly found a 32 megabyte SQL dump file of what is probably their entire database, still available on their site. I just edited their BLF rating page and removed the "Recommended" badge...

Yeah, someone has really screwed up in their case. Thanks for doing that, I was going to suggest it anyways. Wink

jmpaul320
jmpaul320's picture
Offline
Last seen: 1 month 6 days ago
Joined: 05/22/2012 - 09:06
Posts: 4189
Location: CT

meh…. i should probably change all 308,938,392 of my online passwords now right?

its been a while since i changed everything… i dont use the same thing for everything though… i recently changed my intl outdoor pass because i forgot it … but who knows when the sql dump is from

Would you mind keeping the wrong flashlight?
Best wish, May
Tmart service team

 

Soumil wrote:

PLEASE HELP ME GEARBEsT! IM LITERALLY CRYING!

 

Dobanodnao
Offline
Last seen: 7 years 11 months ago
Joined: 10/30/2012 - 19:47
Posts: 130
Location: WNY

Well that sucks, I didn’t use a password that is used elsewhere and my info is all over anyways.. I’m not really worried but it’s still disheartening to see this happen in what used to be a moderately trusted business. Such is the reality of the web nowadays, things are never completely secure (Which is why I’m never completely trusting, least here on the webs).

sb56637
sb56637's picture
Offline
Last seen: 4 hours 41 min ago
Joined: 01/08/2010 - 09:29
Posts: 7141
Location: The Light
jmpaul320 wrote:
who knows when the sql dump is from

I do, actually. It’s clearly labelled with the date of the dump. I won’t mention it here to avoid making it easier to find, though.

Budget Light Forum ...where Frugal meets with Flashlight!

jmpaul320
jmpaul320's picture
Offline
Last seen: 1 month 6 days ago
Joined: 05/22/2012 - 09:06
Posts: 4189
Location: CT
sb56637 wrote:
jmpaul320 wrote:
who knows when the sql dump is from

I do, actually. It’s clearly labelled with the date of the dump. I won’t mention it here to avoid making it easier to find, though.

ok… i guess its time to change my passwords just to be safe then

Would you mind keeping the wrong flashlight?
Best wish, May
Tmart service team

 

Soumil wrote:

PLEASE HELP ME GEARBEsT! IM LITERALLY CRYING!

 

brad
brad's picture
Offline
Last seen: 4 hours 10 min ago
Joined: 12/04/2012 - 02:07
Posts: 2411
Location: USA

As a BLF member who has purchased from the company, I would like it if someone would PM me the method, or link to access my data that they are saying is on the internet, and which they are looking at.

Not what we have but what we enjoy, constitutes our abundance.

scaru
scaru's picture
Offline
Last seen: 5 years 1 month ago
Joined: 03/22/2012 - 13:36
Posts: 6946
Location: Virginia

And as BLF member who thinks it is for the best for as few people as possible to know about this stuff, I would encourage anyone who found it to refrain from doing that. 

Pages