In german flashlight forum TLF members reported that their data is beneath the google search results, obviously some kind of data backup of intl-outdoor online store, that includes:
some reported that a password hash is written in cleartext
If you use your password for several accounts all over the internet, you should consider changing it.
Members reported that they contacted I-O already.
Don’t write me a PM, I’m not a customer of I-O and can’t share a link to the aforementioned backup data.
Members reported that the link to the data is dead for now.
15-FEB-2013: Still available
Problem seems to be solved since 15th of february.
I just googled a few different ways, couldn’t find myself, wish I could speak German so I knew what to search for…
+1, if you don’t tell us what to search for we can’t see if our stuff has been linked…
Intl Outdoor has removed the site now, but I suggest you change your passwords on other sites if you used the same combination of email and password elsewhere.
Also, I knew what to search for but didnt find myself.
-The vulnerability has been fixed. You can no longer directly access the information.
As somebody might still have extracted the database before, it’s recommended that you change your passwords if you are using the same passwort for other websites or services.
seems that the info is still accessible
Nothing to find about me. My the means of the internet I don’t even exist.
Thank you Nightcrawl and Pöbel !
Thanks for the heads up guys, I’ll change my passwords but there’s no billing data on there I don’t think, unless PayPal has been hacked, either way, good luck getting cash out of my account, I can’t lol.
no, there has been no billing data!
Just Name, Address, E-Mail and possibly the PW hash.
Yeah, mine is still out there. :(
Yep still available…now I have stolen all your identities…muhhaaaw >)
How do you change your password can't find a link on the site?
I'll add that it only shows up in google search, the whole in their system seems to have been fixed. Can anyone confirm my theory that before you could download a SQL file with everyones info in it?
yes, that is exactly what happend. You could download the whole file directly from their site. They responded swiftly to the mails and took it down, but still this should not have happend in the first place.
Somebody should submit a Google takedown request to get that data removed from Google’s cache.
I imagine the request would be processed faster if the site owner (Intl-Outdoor) were to submit the request. Maybe somebody could suggest this to them.
Done, but via feedback.
I forwarded a link to SB’s post directly to Hank.
Still available(not with google) and now I know the addresses of you guys so we can shut down the forum and write old school letters?…
I request a password before every order so I have no issues with that.
How are you guys seeing this stuff? I tried searching via google but come up blank.
I don´t use same user / password in ANY 2 sites over the net.
And I can assure, there are a TON of them. I keep a list of passwords.