In german flashlight forum TLF members reported that their data is beneath the google search results, obviously some kind of data backup of intl-outdoor online store, that includes:
- name
- address billing amount
some reported that a password hash is written in cleartext
If you use your password for several accounts all over the internet, you should consider changing it.
Members reported that they contacted I-O already.
Don’t write me a PM, I’m not a customer of I-O and can’t share a link to the aforementioned backup data.
EDIT: Members reported that the link to the data is dead for now. 15-FEB-2013: Still available Problem seems to be solved since 15th of february.
Intl Outdoor has removed the site now, but I suggest you change your passwords on other sites if you used the same combination of email and password elsewhere.
Also, I knew what to search for but didnt find myself.
-The vulnerability has been fixed. You can no longer directly access the information.
As somebody might still have extracted the database before, it’s recommended that you change your passwords if you are using the same passwort for other websites or services.
Thanks for the heads up guys, I’ll change my passwords but there’s no billing data on there I don’t think, unless PayPal has been hacked, either way, good luck getting cash out of my account, I can’t lol.
I'll add that it only shows up in google search, the whole in their system seems to have been fixed. Can anyone confirm my theory that before you could download a SQL file with everyones info in it?
yes, that is exactly what happend. You could download the whole file directly from their site. They responded swiftly to the mails and took it down, but still this should not have happend in the first place.
Somebody should submit a Google takedown request to get that data removed from Google’s cache.
I imagine the request would be processed faster if the site owner (Intl-Outdoor) were to submit the request. Maybe somebody could suggest this to them.