
Contact details and passwords available online!!

  • 31-03-2011 9:32am
    #1
    Registered Users Posts: 6,223 ✭✭✭


    Hi all,
    Hoping to ask advice. A friend of mine was bored and typed her mobile number into Google and found a link. When she clicked on it, she found not just her mobile number linked to her name and address, but also all of her passwords for all of her online stuff such as Facebook and Hotmail. Bank details were not there, but she is worried sick as to how this could have happened.
    She has changed all her passwords now, and is contacting the bank and the mobile phone provider to ask what she should do, but has anybody ever come across this before and is there anything that can be done about it?
    The website is a .RO domain, so I think it's based in Romania.

    (I don't have the link, she just rang me this morning about it, but she said the page with her details on it features 200 different people in Ireland)

    Thanks in advance for any advice!!


Comments

  • Closed Accounts Posts: 2,486 ✭✭✭Redshift


    Her computer may be compromised given the variety of information on the site.
    There could be malware on her system that is stealing personal information or providing remote access.
    If her computer is indeed infected then the persons responsible for this site may already have her new passwords. First port of call is a full system scan for malware, backdoors, trojans, etc.
    Though personally if I found a back door on my computer I would go for a full O/S Reinstall to be sure.
    If not, make sure the operating system is fully up to date, same goes for anti virus/malware.


  • Registered Users Posts: 6,223 ✭✭✭Archeron


    Redshift wrote: »
    Her computer may be compromised given the variety of information on the site.
    There could be malware on her system that is stealing personal information or providing remote access.
    If her computer is indeed infected then the persons responsible for this site may already have her new passwords. First port of call is a full system scan for malware, backdoors, trojans, etc.
    Though personally if I found a back door on my computer I would go for a full O/S Reinstall to be sure.
    If not, make sure the operating system is fully up to date, same goes for anti virus/malware.

    Thanks Redshift


  • Registered Users Posts: 495 ✭✭jakedixon2004


    Yes, if there is very sensitive information on that machine then a re-format is necessary. If it's just used for Facebook and emails then a virus scan should do the trick.


  • Registered Users Posts: 1,311 ✭✭✭Procasinator


    Another thing worth considering doing is to report the site to its host/ISP. It might not achieve much, but who knows.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    My brother was just forwarded an email, with all his details and about 150 others. Dangerous stuff.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    He sent me on the email. One of the people who found their details online on that site, emailed everyone on the list a copy of the page (fair play to them)

    Looks like it was a silly SQLi hack on http://cvrecruit.ie using an automated tool called Havij

    They stole everyone's account on that site including address, email, username, password.
    You're worse off if your password on that site was the same password used for the email address you submitted.

    The Havij report is dated December 2010 also!!

    Shame on cvrecruit.ie for being open to the most common and simple web vulnerability out there, and for storing passwords in plain text.
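
Added example, not part of the thread and not code from the site: the two failings named in the post above (a query built from user input, and passwords stored in plain text) shown beside their fixes, using Python's sqlite3 and hashlib. The table schema, function names, sample input and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)
CRAFTED = "nobody' OR '1'='1"  # constructed input containing a quote character


def open_store():
    """In-memory stand-in for a site's user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(db, email, password):
    # Store a per-user random salt and a slow hash, never the password itself.
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, _derive(password, salt)))


def find_user_unsafe(db, email):
    # The flaw: input is pasted into the SQL text, so it can change the query.
    return db.execute(f"SELECT email FROM users WHERE email = '{email}'").fetchall()


def find_user(db, email):
    # The fix: a bound parameter is always treated as a value, never as SQL.
    return db.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchall()


def verify(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored hash with the recomputed one.
    return hmac.compare_digest(row[1], _derive(password, row[0]))


def dump_contains(db, needle):
    """What a table dump would expose: does any stored column hold `needle`?"""
    raw = needle.encode()
    return any(raw in (c if isinstance(c, bytes) else str(c).encode())
               for row in db.execute("SELECT * FROM users") for c in row)
```

With the string-built query the constructed input returns every row; with the bound parameter it matches nothing, and a dump of the table holds email addresses but no passwords.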


  • Registered Users Posts: 495 ✭✭jakedixon2004


    Oh for the love of Jesus. Not even MD5 encryption on that. Thank God I'm not a member on there. It looks like they have shut the site down though.


  • Registered Users Posts: 527 ✭✭✭Sean^DCT4


    A great example of why not to use cheap software developers


  • Registered Users Posts: 6,223 ✭✭✭Archeron


    Thanks for the replies everybody, very helpful indeed!!


  • Registered Users Posts: 367 ✭✭900913


    He sent me on the email. One of the people who found their details online on that site, emailed everyone on the list a copy of the page (fair play to them)

    Looks like it was a silly SQLi hack on http://cvrecruit.ie using an automated tool called Havij

    They stole everyone's account on that site including address, email, username, password.
    You're worse off if your password on that site was the same password used for the email address you submitted.

    The Havij report is dated December 2010 also!!

    Shame on cvrecruit.ie for being open to the most common and simple web vulnerability out there, and for storing passwords in plain text.

    They still haven't fixed the holes yet. There are still at least 2 SQL vulnerabilities that have access to the encrypted wp admin hash.

    If the admin hash got decrypted the whole server could be vulnerable.


  • Closed Accounts Posts: 452 ✭✭Phractal


    MD5... lol.

    Seriously, I am amazed at what Havij can pwn for such an easy tool to use (i.e. idiot friendly).

    Being 100% honest I must say it has NEVER failed me.

    Though SQLmap and SQLninja are more awesome... manual is the way to go!

