GOMTV.net compromised - Page 16

On August 13 2011 03:14 R1CH wrote:
There's a post on reddit that suggests that GOMTV has been compromised. I have independently verified that at least some usernames, passwords and email addresses have been compromised.

There appears to be zero security on the passwords as they were stored in plain text (really GOM?). This means if you use your GomTV password anywhere else, you should change it and consider it compromised. To clarify, your GomTV.net username, email address, PayPal real name and your GomTV.net password are likely compromised. Personal information such as your address may be compromised too if it was stored. You should also change your GomTV password to prevent unauthorized account access, although the exploit through which the information was compromised may still exist.

Since payments are processed through PayPal, there is no risk of your financial information being compromised, unless you used your PayPal password when signing up for GomTV (don't do this). Users who logged in via SNS should be safe as Twitter / Facebook authentication is token based, not password based.

If you aren't already, you should really use unique passwords for each website since this happens more often than you think (ever hear someone say they were "hacked"? this is likely how it happens) and not all websites will disclose if they get compromised. Use http://keepass.info/ for password management.

On August 13 2011 05:26 ravemir wrote:
But tell me this, if you want to adjust the iterations, won't you have to re-calculate every password for each user?

On August 13 2011 05:56 Integra wrote:

R1CH, from what I can deduct they simply used a SQL Injection to list all the data, if it's that simple then why does it matter if we change the password, they will still get it, you could change it a million times.