I can't believe there are still websites that store passwords in plain text. What a ridiculously amateur mistake to make.

And of course at the moment it's not possible to modify profiles, so we can't change our passwords, but that's pretty logical given that someone just stole login information for the site. I imagine they'll have to send e-mails out with unique links to unlock our accounts and force a simultaneous password change or some such, since otherwise whoever got our account information could just log in and change our password to lock us out.

zYwi3c

Poland1811 Posts

August 13 2011 11:45 GMT

#563

If i changed my password 2/3 days ago, before GOM was compromised.
Can they still check what password i had before that ?

Nizaris

Belgium2230 Posts

August 13 2011 11:45 GMT

#564

On August 13 2011 20:43 Barack Obama wrote:

Show nested quote +

You have to 'like' them first before being able to post.

aah of course. thx.

EnSky

Philippines1003 Posts

August 13 2011 11:48 GMT

#565

On August 13 2011 20:43 AmericanUmlaut wrote:
I can't believe there are still websites that store passwords in plain text. What a ridiculously amateur mistake to make.

And of course at the moment it's not possible to modify profiles, so we can't change our passwords, but that's pretty logical given that someone just stole login information for the site. I imagine they'll have to send e-mails out with unique links to unlock our accounts and force a simultaneous password change or some such, since otherwise whoever got our account information could just log in and change our password to lock us out.

You won't get locked out coz you can still use the "Forgot password" feature.

EnSky

Philippines1003 Posts

August 13 2011 11:50 GMT

#566

On August 13 2011 20:45 zYwi3c wrote:
If i changed my password 2/3 days ago, before GOM was compromised.
Can they still check what password i had before that ?

Do you really wanna take that risk? It's better safe than sorry.

Scabou

Germany229 Posts

August 13 2011 11:51 GMT

#567

Profile modification is not available at the moment. Please try again at a later time.

Cool story...

AmericanUmlaut

Germany2581 Posts

August 13 2011 11:51 GMT

#568

On August 13 2011 20:48 EnSky wrote:

Show nested quote +

You won't get locked out coz you can still use the "Forgot password" feature.

This is a good point. It still makes sense that they've locked account information, though, until they can force mass password resets to prevent malicious tampering.

And to zYwi3c: There's nothing in the OP that indicates when the intrusion into GOM's system took place. In your situation, I would assume that both the old password and the new password have been comprimised.

inn5013orecl

United States227 Posts

August 13 2011 11:52 GMT

#569

On August 13 2011 20:48 EnSky wrote:

Show nested quote +

You won't get locked out coz you can still use the "Forgot password" feature.

Nice workaround, though you can't change the temporary password to a password of your choosing until the modify profile option is available again

Doppelganger

488 Posts

August 13 2011 11:53 GMT

#570

Well it is not thee same pw I use for banking or my mail account. So I guess there is no problem cause I don't buy or sell stuff via Internet except via amazon.

so I'm sitting at amazon and I am waiting for the fucking captcha to load but it doesn't... cause fml

Drake

Germany6146 Posts

August 13 2011 12:01 GMT

#571

i am linking with facebook but i think i had an account before who not worked always hm better change all pass ... thx gom .... damn if you need programmer hire me i can make it save for you xD

KadaverBB

Germany25657 Posts

August 13 2011 12:03 GMT

#572

This is kinda stupid. Profile modification is disabled :D

acgFork

Canada397 Posts

August 13 2011 12:08 GMT

#573

That's why you use different passwords for all of your different accounts, kids!

Deadeight

United Kingdom1629 Posts

August 13 2011 12:08 GMT

#574

I have to admit I'm a bit lazy with my passwords, and I have tiers of passwords depending how important the website is. Unfortunately I had overstated GOMs security and should have had it at the bottom.

This is a pain.

SplashBrannigan

Finland16 Posts

August 13 2011 12:15 GMT

#575

gomtv knew about the vulnerability since the first GSL. Someone made a forum post about this during the very first events and said it is easy to get passwords etc and that they are stored in plaintext. Post was quickly deleted from the forums and i assumed the issue will be fixed asap but obviously not.

I think there should be public outroar about this, they had all the time in the world to fix this issue but instead just hoped nothing would happen. They have shown their technical abilities to be far lacking in other aspects as well so i guess this and future incidences are to be expected

GinDo

3327 Posts

August 13 2011 12:19 GMT

#576

Thankfully I use a unique Username for GOM. And the emailed link to it is a smurf.

Zocat

Germany2229 Posts

August 13 2011 12:20 GMT

#577

On August 13 2011 19:27 dani` wrote:

Show nested quote +

LastPass is about the same, also providing extensions for all browsers to automatically store & fill username / password fields. It's free.

You mean this LastPass?

""Network traffic anomalies" to and from the databases of the LastPass password management service have caused the company to suspect that intruders could have harvested personal information – including some customers' master passwords."

Stay away from stuff which saves your stuff online.

DexVitality

Hong Kong234 Posts

August 13 2011 12:28 GMT

#578

Thank god I used a separate password for GOMtv so its ok if it gets hacked I guess, free GSL for those people I guess.