ChicagoVPS database leaked? ChicagoVPS customers - change your root passwords immediately! - Page 2

Comments

  • More lies and deceit from ChicagoVPS? I'm shocked.

  • mikho Member, Host Rep

    It has been discussed before that passwords are saved as clear-text.

  • mikho Member, Host Rep

    @NickM

    Cvps has not responded in any other way than that they require you to change your password.

    How is that a lie?

  • I don't have the dump so I can't check myself, but if the passwords are really saved in plaintext then many people are going to have a problem. Does it only contain Solus or also WHMCS?

  • @MikHo said: How is that a lie?

    They decided to do this password reset, claiming that they audited people's passwords and found too many people using weak passwords, the same day that their database gets leaked. If you want to believe that story, good for you. I, for one, don't believe a word of it.

  • I think he was kidding when he said that it's stored in plain text.

  • DimeCadmium Member
    edited February 2013

    @black said: Aren't passwords supposed to be salted and hashed?

    WHMCS displays the password that was set at creation in the product section.

    Solus doesn't display the password anywhere (that I see), but as mentioned above I believe it is stored in plain text. I'm checking the DB.

    From my DB: (3,0,'jrunyon','40 hexit password hash',....)

  • @DimeCadmium said: WHMCS displays the password that was set at creation in the product section.

    That's Solus' password right? Not the WHMCS account password.

  • @black said: That's Solus' password right? Not the WHMCS account password.

    Solus, yes. Though WHMCS has an option to disable hashing of (WHMCS) passwords.

  • I'm getting PMs asking for the file. Do or don't?

  • @Raymii said: I'm getting PMs asking for the file. Do or don't?

    I'd say no. Nothing good can come from distributing it.

  • mikho Member, Host Rep

    Don't

  • Don't

  • Try finding out how many 2GB plans they put on a node :P

  • I say do. Security through obscurity is not security.

  • So CVPS haven't told customers their private data is floating around the web. Nice.

  • They probably didn't know or they just found out (thus the mass password reset). Even if they knew I doubt they would have said anything.

  • AlexBarakov Patron Provider, Veteran

    I am not interested in going through their DB, nor do I have the time; however, I would appreciate someone who has already imported it running a query to check for my email. I wonder what it would output (as password / personal information).

  • @NickM said: I say do. Security through obscurity is not security.

    Gotta agree with NickM. We've learned so much about passwords users use, only because of db dumps that went public like what happened with LinkedIn or eHarmony.
    Like laws against guns aren't going to stop terrorists from obtaining guns illegally, the "bad guys" are going to get the dump whether you publish it or not.

  • @Alex_LiquidHost said: however would appreciate someone that has already imported it to run a query to check for my email, I wonder what it would output (as password / personal information).

    Same here. If someone credible can check? Perhaps a moderator?

  • If someone sends me the file, I'll see if I can get a checker site set up where you can check the database for your email address / password. I'd need a download link that I can use via wget, so no crappy mediafire links, please.

  • Wonder how many passwords are 'winning'?

  • @Raymii said: I'm getting PMs asking for the file. Do or don't?

    No, AND report the usernames to moderators, citing malicious intent.

  • @Damian, there are legitimate reasons for wanting the database. The file is already out there, somewhere. The "bad guys" already have it, so not releasing it isn't really going to help anyone.

  • @Damian said: No, AND report the usernames to moderators, citing malicious intent.

    Overreacting a bit?

  • This DB leak didn't just come about because of this guy; somebody linked me to it weeks back.

  • Maybe people just want to see if their name is in the database? If I was a ChicagoVPS customer I'd be interested too, but I'm not so I don't care.

    The database will probably be all over the place pretty soon anyway but if I were you I wouldn't share it.

  • @vedran said: Maybe people just want to see if their name is in the database?

    Exactly this. Which is why I'd like to get my hands on it - so that I can put together a page where anyone can easily search for their own name to find out if their info is out there.

  • @vedran said: Maybe people just want to see if their name is in the database?

    Exactly this. Which is why I'd like to get my hands on it - so that I can put together a page where anyone can easily search for their own name to find out if their info is out there.

    +1

  • I just had a quick look at it and the passwords are not stored in cleartext.

This discussion has been closed.
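
Added example, not part of the original thread: the question argued above (cleartext versus hashed, and salted or not) can be answered by a database owner from the format of the stored values alone. The Python sketch below runs on constructed rows; the function names, format table and sample values are assumptions for illustration.

```python
import hashlib
import re
from collections import Counter

# Self-describing formats carry algorithm, cost and salt inside the string.
KDF_PREFIXES = {
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$argon2i$": "argon2", "$argon2id$": "argon2",
    "$6$": "sha512-crypt", "$5$": "sha256-crypt", "$1$": "md5-crypt",
}
# Bare hex digests: the length is consistent with an algorithm, not proof of
# it, and says nothing about whether a salt was mixed in before hashing.
HEX_LENGTHS = {32: "md5-length", 40: "sha1-length", 64: "sha256-length"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def classify(stored: str) -> str:
    """Classify one stored credential value by its format alone."""
    for prefix, name in KDF_PREFIXES.items():
        if stored.startswith(prefix):
            return f"salted-kdf:{name}"
    if HEX_RE.fullmatch(stored) and len(stored) in HEX_LENGTHS:
        return f"bare-hex:{HEX_LENGTHS[len(stored)]}"
    return "unrecognised (possibly cleartext)"


def audit(rows):
    """rows: iterable of (username, stored_value). Returns a findings dict."""
    rows = list(rows)
    formats = {user: classify(value) for user, value in rows}
    counts = Counter(value for _, value in rows)
    # Identical stored values on different accounts mean no per-user salt.
    shared = sorted(user for user, value in rows if counts[value] > 1)
    return {"formats": formats, "shared_value_accounts": shared}


# Constructed sample rows (not taken from any real dump).
_DIGEST = hashlib.sha1(b"constructed-example").hexdigest()  # 40 hex digits
SAMPLE_ROWS = [
    ("alice", _DIGEST),
    ("bob", _DIGEST),                 # same value as alice: unsalted
    ("carol", "$2y$10$" + "A" * 53),  # bcrypt-shaped placeholder
    ("dave", "winter2013"),           # not a digest or KDF string
]

if __name__ == "__main__":
    report = audit(SAMPLE_ROWS)
    for user, fmt in report["formats"].items():
        print(f"{user:6} {fmt}")
    print("accounts sharing a stored value:", report["shared_value_accounts"])
```

A `bare-hex` result on its own does not distinguish a salted digest from an unsalted one; the shared-value check is what exposes missing per-user salts.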