Monday, July 16, 2012

UFO Nepal Compromised, Hackers Posts Member's Detail Online

UFO Nepal one of the leading clothing brand of Nepal and one of the very first to start website in this section has been hacked. Its member details like name, address, phone number, username and password has been posted online. The website allowed members to browse their collection of clothes and accessories. Members also used to get email on new arrivals.(But I'd rather call it spam as it used to send 4 or 5 same email).

What hurts most is the website is claimed to be powered by dreams and ideas. The company behind Nepal's most popular portal cybersansar.com . There are many websites created under this company. I wonder how secure are all of them.

Lesson to be learnt here would be to use different password for different websites. And web developers what happened to digest based password with random salting and iteration?

Now it will be interesting to see UFO Nepal and/or Dreams and Ideas response.

Update


After more than two weeks of this incident, UFO  Nepal has sent an email. However the email says the site is being updated and advises its user to change password for security precaution. The whole email reads  as follows:
Dear UFO Members, We are very grateful to have you as member and thank you for being with us this long. We are upgrading our website www.ufonepal.com very soon. For a security precaution, you are advised to change password of your account asap. Sorry for any inconvenience. Thanks, The UFO Team


0 comments:

Post a Comment

Comments are moderated. No spam please.