NameDrive login problems ?

[Ridge]

Do you have any type of log files that confirm which customers passwords were taken? or are you assuming that it was only the ones that were posted online?

 

[NameDriver]

Equalizer,

As I just posted before you, SS numbers were not taken and I believe nobody is taking it lightly. We have had several hundred emails to our support today which we are dealing with on a one to one basis and we as a company are certainly not taking this lightly.

Any company operating online operates under these risks and I am shocked that it has happened to us, but nobody is immune, as recent attacks on Godaddy and US banks have proved.

We informed the accounts directly affected within 60 minutes of us having this information.

Ed

 

[Equalizer]

Any company?

I understand the passwords were not encrypted ? and saved as plain text...and the information was posted on a hacker's forum?

is that correct.?

How does someone just steals 1 % of the info?

 

[symetrix]

NameDrive did NOT properly store passwords in their database. This is made evident by the fact that your reset password is [originalpassword]_[somenumbers].

If they were properly storing passwords (saving a hash and salt), they would not have been able to get your original password to generate the new password with.

Note that "encrypting" passwords is useless, because anyone who compromises the database is likely to also get the decryption keys (since the website would have access to them).

I pointed this failure out to ND and got a BS response of "we do not comment on the way we encrypt information." Anyone doing the right thing would flat out deny it, not refuse to comment. :veryangry:

 

[Equalizer]

Their silence is defeaning.
Thanks Sym for the explanation...