3/26/2007
05:26 PM

Hundreds Of Gmail, Yahoo, MSN Passwords Exposed By Entertainment Web Site

A Los Angeles publisher of online lifestyle and entertainment magazines has inadvertently exposed the personal e-mail addresses and passwords for hundreds of its subscribers, InformationWeek has learned.

The victims are all members of sites operated by Splash Magazines Worldwide, which publishes local versions of its magazines under URLs like NYCSplash.com and LASplash.com.

The list of e-mail addresses and passwords for members' Gmail, Hotmail, Yahoo, and other accounts would turn up in the results of unrelated Google searches Monday if those searches happened to contain at least two keywords that matched the names of Splash members. InformationWeek confirmed that the security hole was still open as of 4 p.m. Monday.

Splash founder Larry Davis said in an interview that he was not aware of the security problem and did not know how it could have occurred. "We have a Webmaster who is supposed to know all about security," said Davis.

Splash's servers are co-located at a Los Angeles Internet hosting company called Calpop. However, Calpop co-founder Lynn Hoover said his company simply rents floor space and bandwidth to Splash and is not involved with the maintenance or operation of its Web sites. "It's not like our people code their software," said Hoover. "Having said that, we'll try and help out with the situation if we can."

Hoover theorizes that the information could have been inadvertently exposed to the Web if the Google search spider happened to be crawling Splash's sites at a time when password-protected pages were open for editing or maintenance. Versions of the pages held in Google's cache would then be readily available to anyone with Internet access -- including identity thieves.

Understandably, some Splash members are now worried they're going to get soaked by cybercriminals. "I'm composing an angry e-mail in my head to Splash right now," said Liz Miller, an L.A. graphic artist and writer whose Gmail account and password were revealed online. "It reinforces the fact that you really need to know who you're dealing with before you provide passwords over the Internet," said Miller, who changed her Gmail password after being informed of the problem by InformationWeek.

Security breaches have become a not uncommon event on the Internet, and even major retailers like Amazon and T.J. Maxx have been victims of hacks or accidental data exposure. The rash of online security problems has prompted some states to require companies to notify customers if their personal information has been compromised and to provide free credit monitoring services.
