View Full Version : Gmail, Yahoo, MSN Passwords Exposed...

2007-03-27, 12:43

- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=198700206
March 26, 2007 ~ "...The victims are all members of sites operated by Splash Magazines Worldwide, which publishes local versions of its magazines under URLs like NYCSplash.com and LASplash.com. The list of e-mail addresses and passwords for members' Gmail, Hotmail, Yahoo, and other accounts would turn up in the results of unrelated Google searches Monday if those searches happened to contain at least two keywords that matched the names of Splash members. InformationWeek confirmed that the security hole was still open as of 4 p.m. Monday. Splash founder Larry Davis said in an interview that he was not aware of the security problem and did not know how it could have occurred. "We have a Webmaster who is supposed to know all about security," said Davis. Splash's servers are co-located at a Los Angeles Internet hosting company called Calpop. However, Calpop co-founder Lynn Hoover said his company simply rents floor space and bandwidth to Splash and is not involved with the maintenance or operation of its Web sites. "It's not like our people code their software," said Hoover. "Having said that, we'll try and help out with the situation if we can." Hoover theorizes that the information could have been inadvertently exposed to the Web if the Google search spider happened to be crawling Splash's sites at a time when password-protected pages were open for editing or maintenance. Versions of the pages held in Google's cache would then be readily available to anyone with Internet access -- including identity thieves..."