Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Contact details and passwords available online!!

  • 31-03-2011 8:32am
    #1
    Registered Users, Registered Users 2 Posts: 6,415 ✭✭✭


    Hi all,
    Hoping to ask advice. A friend of mine was bored and typed her mobile number into Google and found a link. When she clicked on it, she found not just her mobile number linked to her name and address, but also all of her passwords for all of her online stuff such as Facebook and hotmail. Bank details were not there, but she is worried sick as to how this could have happened.
    She has changed all her passwords now, and is contacting the bank and the mobile phone provider to ask what she should do, but has anybody ever come across this before and is there anything that can be done about it?
    The website is a .RO domain, so I think its based in Romania.

    (I dont have the link, she just rang me this morning about it, but she said the page with her details on it features 200 different people in Ireland)

    Thanks in advance for any advice!!


Comments

  • Closed Accounts Posts: 2,486 ✭✭✭Redshift


    Her computer maybe compromised given the variety of information on the site.
    There could be malware on her system that is stealing personal information or providing remote access.
    If her computer is indeed infected then the persons responsible for this site may already have her new passwords. First port of call is a full system scan for malware, backdoors, trogans. ect.
    Though personally if I found a back door on my computer I would go for a full O/S Reinstall to be sure.
    If not make sure the operating system is fully up to date, same goes for anti virus/malware.


  • Registered Users, Registered Users 2 Posts: 6,415 ✭✭✭Archeron


    Redshift wrote: »
    Her computer maybe compromised given the variety of information on the site.
    There could be malware on her system that is stealing personal information or providing remote access.
    If her computer is indeed infected then the persons responsible for this site may already have her new passwords. First port of call is a full system scan for malware, backdoors, trogans. ect.
    Though personally if I found a back door on my computer I would go for a full O/S Reinstall to be sure.
    If not make sure the operating system is fully up to date, same goes for anti virus/malware.

    Thanks Redshift


  • Registered Users, Registered Users 2 Posts: 495 ✭✭jakedixon2004


    Yes, if there is very sensitive information on that machine then a re-format is nessesary. If its just used for facebook and emails then a virus scan should do the trick.


  • Registered Users, Registered Users 2 Posts: 1,311 ✭✭✭Procasinator


    Another thing worth considering doing is to report the site to it's host/ISP. It might not achieve much, but who knows.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    My brother was just forwarded an email, with all his details and about 150 others. Dangerous stuff.


  • Advertisement
  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    He sent me on the email. One of the people who found their details online on that site, emailed everyone on the list a copy of the page (fair play to them)

    Looks like it was a silly SQLi hack on http://cvrecruit.ie using an automated tool called Havij

    They stole everyone's account on that site including address, email, username, password.
    Your worse off if your password on that site was the same password used for the email address you submitted.

    The Havij report is dated December 2010 also!!

    Shame on cvrecruit.ie for been open to the most common and simple web vulnerability out there, and for storing passwords in plain text.


  • Registered Users, Registered Users 2 Posts: 495 ✭✭jakedixon2004


    Oh for the love of Jesus. Not even MD5 encryption on that. That God I'm not a member on there. Its looks like they have shut the site down though.


  • Registered Users, Registered Users 2 Posts: 527 ✭✭✭Sean^DCT4


    A great example of why not to use cheap software developers


  • Registered Users, Registered Users 2 Posts: 6,415 ✭✭✭Archeron


    Thanks for the replies everybody, very helpful indeed!!


  • Registered Users, Registered Users 2 Posts: 367 ✭✭900913


    He sent me on the email. One of the people who found their details online on that site, emailed everyone on the list a copy of the page (fair play to them)

    Looks like it was a silly SQLi hack on http://cvrecruit.ie using an automated tool called Havij

    They stole everyone's account on that site including address, email, username, password.
    Your worse off if your password on that site was the same password used for the email address you submitted.

    The Havij report is dated December 2010 also!!

    Shame on cvrecruit.ie for been open to the most common and simple web vulnerability out there, and for storing passwords in plain text.

    They still havn't fixed the holes yet, There are still at least 2 sql vulnerabilities that have access to the encrypted wp admin hash .

    If the admin hash got decrypted the whole server could be vulnerable.


  • Advertisement
  • Closed Accounts Posts: 452 ✭✭Phractal


    MD5... lol.

    Seriously, I am amazed at what Havij can pwn for such a easy tool to use (i.e. idiot friendly).

    Being 100% honest I must say it has NEVER failed me.

    Though SQLmap and SQLninja are more awesome... manual is the way to go!


Advertisement