Whenever you get an email telling you to change your password go to the site by typing the URL manually or using a bookmark, never by following a link in the email. The risk of getting taken by some fishing scam is far too great.

Hyaena

Croatia17 Posts

August 14 2011 11:30 GMT

#782

Hi,
I'm using keepass for almost two months (as R1CH suggested in some older thread, thanks btw) and have random password for each site. The thing is, email used in logging on gomtv is used for few more sites. Should i take any extra security steps (I changed gomtv password) and is spamming my email the worst thing that can happen (doubt someone would brute-force email)?
Thanks!

Titorelli

2492 Posts

August 14 2011 11:49 GMT

#783

So now it is safe to change ones pw?

Flwz

Ireland19 Posts

August 14 2011 12:16 GMT

#784

This is quite bad, I work in IT security and I have sent an emai lto GomTv discussing this issue.

I have asked the following questions :

For complete transparency, and as a user, I would like you to answer the following questions for me :
- Are passwords actually stored in plain text?
- How many user accounts have been compromised (how many user accounts in the DB)
- What are the steps you are taking for this not to happen again.

To my pleasant surprise, they did reply within one hour with the following :
"Dear Jeremy.

1. No they were not plain text. But there was a part of section where it was plain text. We are investigating how that had happened.

2. We are under investigation.

3. As soon as we found out about the hacking we have brought a team to re-build for better security of our system. For it not to occur again as a support team we do not have solid answer for you yet. But from what we heard we will be bringing teams to test our server(security) regularly.

Thank you for your time to take interest in our situation. And we apologize for the incident.

GOMTV.net"

I am not sure I understand answer 1, "They are not plain text but yeah they are" is a bit concerning, question 2 they completely avoided and answer to 3 means support does not have much more information than we do.

All in all,as has been said before, you should :
- Change GomTV password as soon as possible
- Change your password on any website / service where you used the same password (facebook, twitter, gmail, TL, forums, anything)
- Credit card and bank details are SAFE as they do not process the payments themselves (they go through Paypal).

Unfortunately these issues with user data security are not limited to GomTV (hello Sony), and as such it is very important not to reuse passwords over several sites.

R3N

740 Posts

August 14 2011 12:33 GMT

#785

I use the same password (with or without numbers) for EVERYTHING (mail, forums, games etc.) since 9-10 years back. I ain't going to change it.

I ***REALLY*** hope I wasn't hit

Znakie

Denmark2 Posts

August 14 2011 13:04 GMT

#786

Websites programmers should really start to take this stuff seriously - got like a 100 different accounts(most of them not active) on various sites around the web, and seems like a get an email every other week, or read somewhere on the web, that I have to change my password on this and that site, because they have had a breach.

Teton

France1656 Posts

August 14 2011 13:13 GMT

#787

password plain text? LOL
Epic fail GomTV.

SinCitta

Germany2127 Posts

August 14 2011 13:14 GMT

#788

On August 14 2011 21:33 R3N wrote:
I use the same password (with or without numbers) for EVERYTHING (mail, forums, games etc.) since 9-10 years back. I ain't going to change it.

I ***REALLY*** hope I wasn't hit

You really, really should (MUST). At least for everything involving your bank account (obviously), social network accounts (social contacts can be exploited) and your mail account (for password recovery). Bots can be used to automatically exploit your logins in which case something bad is bound to happen.

Sephy90

United States1785 Posts

August 14 2011 13:19 GMT

#789

Is this for real... come on now gom you were doing great for me now I'm really really disappointed.

meegrean

Thailand7699 Posts

August 14 2011 13:34 GMT

#790

This is sooo disturbing.

JinDesu

United States3990 Posts

August 14 2011 13:45 GMT

#791

On August 14 2011 21:16 Flwz wrote:
This is quite bad, I work in IT security and I have sent an emai lto GomTv discussing this issue.

I have asked the following questions :

For complete transparency, and as a user, I would like you to answer the following questions for me :
- Are passwords actually stored in plain text?
- How many user accounts have been compromised (how many user accounts in the DB)
- What are the steps you are taking for this not to happen again.

To my pleasant surprise, they did reply within one hour with the following :
"Dear Jeremy.

1. No they were not plain text. But there was a part of section where it was plain text. We are investigating how that had happened.

2. We are under investigation.

3. As soon as we found out about the hacking we have brought a team to re-build for better security of our system. For it not to occur again as a support team we do not have solid answer for you yet. But from what we heard we will be bringing teams to test our server(security) regularly.

Thank you for your time to take interest in our situation. And we apologize for the incident.

GOMTV.net"

I am not sure I understand answer 1, "They are not plain text but yeah they are" is a bit concerning, question 2 they completely avoided and answer to 3 means support does not have much more information than we do.

All in all,as has been said before, you should :
- Change GomTV password as soon as possible
- Change your password on any website / service where you used the same password (facebook, twitter, gmail, TL, forums, anything)
- Credit card and bank details are SAFE as they do not process the payments themselves (they go through Paypal).

Unfortunately these issues with user data security are not limited to GomTV (hello Sony), and as such it is very important not to reuse passwords over several sites.

It could be multiple files compromised, and the plain text file being preeetty important.

However, I gotta admit, Gom's pretty good if they were to answer a these questions with pretty good transparency in such short time to you.

Shootist

Singapore405 Posts

August 14 2011 15:17 GMT

#792

Man what is with all this plain text password catastrophes. I work in the IT line myself and it's really not much effort to implement at least a half-decent encryption.

Deleted User 101379

4849 Posts

August 14 2011 15:21 GMT

#793

On August 15 2011 00:17 Shootist wrote:
Man what is with all this plain text password catastrophes. I work in the IT line myself and it's really not much effort to implement at least a half-decent encryption.

As i always say:
99% of the programmers have no clue about anything and shouldn't work in that section... sadly they do -.-

Jank

United States308 Posts

August 14 2011 15:23 GMT

#794

I dunno, that one function call is a bit of a doozie.

Teton

France1656 Posts

August 14 2011 15:26 GMT

#795

Encryption is already implemented on mysql database or on google

Trigger1101

Sweden80 Posts

August 14 2011 15:46 GMT

#796

Is it safe to buy now ?

asdfTT123

United States989 Posts

August 14 2011 15:47 GMT

#797

storing passwords in plain text? ROFL WHAT THE FUCK GOM

XiGua

Sweden3085 Posts

August 14 2011 16:46 GMT

#798

Holy...

I don't want to change every the password on ALL my accounts and sites. I mean, I have like 50 of them!

Disappointed by GOMTV really... Seriously.