Hundreds Of Gmail, Yahoo, MSN Passwords Exposed By Entertainment Web Site - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
3/26/2007
05:26 PM
50%
50%
RELATED EVENTS
How Upwork Cut Zero-Day File Attacks by 70%
Oct 05, 2017
Upwork has millions of clients and freelancers that have to upload and download many files to and ...Read More>>

Hundreds Of Gmail, Yahoo, MSN Passwords Exposed By Entertainment Web Site

The victims are all members of sites operated by Splash Magazines Worldwide, which publishes local versions of its magazines under URLs like NYCSplash.com and LASplash.com.

A Los Angeles publisher of online lifestyle and entertainment magazines has inadvertently exposed the personal e-mail addresses and passwords for hundreds of its subscribers, InformationWeek has learned.

The victims are all members of sites operated by Splash Magazines Worldwide, which publishes local versions of its magazines under URLs like NYCSplash.com and LASplash.com.

The list of e-mail addresses and passwords for members' Gmail, Hotmail, Yahoo, and other accounts would turn up in the results of unrelated Google searches Monday if those searches happened to contain at least two keywords that matched the names of Splash members. InformationWeek confirmed that the security hole was still open as of 4 p.m. Monday.

Splash founder Larry Davis said in an interview that he was not aware of the security problem and did not know how it could have occurred. "We have a Webmaster who is supposed to know all about security," said Davis.

Splash's servers are co-located at a Los Angeles Internet hosting company called Calpop. However, Calpop co-founder Lynn Hoover said his company simply rents floor space and bandwidth to Splash and is not involved with the maintenance or operation of its Web sites. "It's not like our people code their software," said Hoover. "Having said that, we'll try and help out with the situation if we can."

Hoover theorizes that the information could have been inadvertently exposed to the Web if the Google search spider happened to be crawling Splash's sites at a time when password-protected pages were open for editing or maintenance. Versions of the pages held in Google's cache would then be readily available to anyone with Internet access -- including identity thieves.

Understandably, some Splash members are now worried they're going to get soaked by cybercriminals. "I'm composing an angry e-mail in my head to Splash right now," said Liz Miller, an L.A. graphic artist and writer whose Gmail account and password were revealed online. "It reinforces the fact that you really need to know who you're dealing with before you provide passwords over the Internet," said Miller, who changed her Gmail password after being informed of the problem by InformationWeek.

Security breaches have become a not uncommon event on the Internet, and even major retailers like Amazon and T.J. Maxx have been the victim of hacks or accidental data exposure. The rash of online security problems has prompted some states to require companies to notify customers if their personal information has been compromised and to provide free credit monitoring services.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll