
Filesilo Hack?

  • 09-02-2017 10:09am
    #1
    Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭


    Anyone else get a notice of a data breach from FileSilo?
    IMPORTANT – Notification of FileSilo security breach

    Dear FileSilo member,

    You are receiving this email because you have at some point registered with the FileSilo.co.uk website.

    We deeply value the privacy of your information, which is why, as a precautionary measure, we are writing to let you know about a data security incident that may involve your personal information.

    What Has Happened
    In the last 24 hours it has come to our attention that FileSilo.co.uk’s user registration database has been compromised. Unfortunately users’ email addresses, usernames, password (stored in plain text), name and surname may have been stolen in the process.

    What You Need to Do
    If you have used your FileSilo email and password for any other online services we highly recommend you change these as a matter of urgency.

    What We Are Doing
    Our IT team has identified the source of the breach and has undertaken immediate remedial action. As a consequence FileSilo.co.uk has been closed and will remain so until we are satisfied that the breach has been fully rectified.

    We will contact you again soon to explain how to reset your password and regain access to the FileSilo website.

    We take the security of our registered users extremely seriously and we are investing in implementing advanced systems that enhance that security. These efforts continue to proceed on track.

    We apologise for any inconvenience caused by this situation, and are available to answer any questions or concerns; please email filesilohelp@futurenet.com with any queries you may have.

    Yours sincerely,

    Aaron Asadi,
    Creative Director, Future Plc.

    Anyone know if this is genuine? I ask because it contains some rather contradictory details such as:
    Unfortunately users’ email addresses, usernames, password (stored in plain text), name and surname may have been stolen in the process.

    and
    We take the security of our registered users extremely seriously

    And as I typed I did a quick search... not a hoax! It's real!

    https://www.theregister.co.uk/2017/02/09/filesilo_lost_plaintext_passwords/

    Oh dear.


Comments

  • Registered Users, Registered Users 2 Posts: 71,143 ✭✭✭✭L1011


    There needs to be painful data protection fines for anywhere that doesn't salt+hash passwords.


  • Registered Users, Registered Users 2 Posts: 572 ✭✭✭Joe Exotic


    L1011 wrote: »
    There needs to be painful data protection fines for anywhere that doesn't salt+hash passwords.

    Hopefully the GDPR will be the push that is required when it comes into effect in May 2018.

    In this case, Article 25 - secure by default and design.

    However, until security is made a core subject on programming courses (and others), it will continue to be an issue.


  • Registered Users, Registered Users 2 Posts: 2,375 ✭✭✭Sin City


    Why would any company store passwords in plain text, with no hashing, salting or any sort of encryption in place to protect its clients' privacy?

    Massive red flag raised about its ability to hold secure data.


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    Worse when the company is primarily tech publications, several of which are dedicated to security issues and proper use and configuration of computer systems.
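
The salt+hash storage the comments above call for, as an added example that is not part of the thread and not FileSilo's code: it converts rows with a plaintext `password` column into per-user salted PBKDF2 records and verifies logins against them. The row layout, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune per hardware


def make_record(password: str) -> dict:
    """Return what the database should hold instead of the password itself."""
    salt = os.urandom(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def migrate(plaintext_rows: list[dict]) -> list[dict]:
    """Convert rows holding a plaintext 'password' column into salted-hash rows."""
    migrated = []
    for row in plaintext_rows:
        new_row = {k: v for k, v in row.items() if k != "password"}
        new_row["credential"] = make_record(row["password"])
        migrated.append(new_row)
    return migrated


# Constructed sample rows (hypothetical schema); two users share one password.
LEGACY_ROWS = [
    {"username": "alice", "email": "alice@example.org", "password": "hunter2-correct"},
    {"username": "bob", "email": "bob@example.org", "password": "hunter2-correct"},
]

if __name__ == "__main__":
    for row in migrate(LEGACY_ROWS):
        # Same password, different salt, so the stored hashes differ.
        print(row["username"], row["credential"]["hash"][:16] + "...")
```

Because each record carries its own salt and iteration count, the work factor can be raised later by rehashing at the user's next successful login.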

