I noticed an unusual email when I checked my Gmail account today.

Sure it was spam, but this one was tagged with a “Password” tag, a tag that I used to filter any emails that contain an old password.

Lo and behold, there was my password displayed right in the email. So, of course, the first thing to do was to check the email headers to see how the email was routed.

I could not believe it!

To: “password1” [email protected]

Note: my password is not password1, I replaced it with that.

They had inserted my password instead of my name in the “To” part of the email headers.

The email address they sent to was an alias which I had used specifically for friendster so I knew. However, according to the email headers it definitely did not come from the friendster servers.

How did the spammers manage to get my password and email address?

I’ve certainly not used the account since about 2005, so it can’t be me.

Does friendster store their passwords in plain text?

I figured the easiest way to check is to issue a “forgot password” request and see what happens.

I received a “Your Friendster account information” email which contained my password in plain text right in the email.

Yes, this means that it is absolutely possible that if somebody did hack into friendster they could recover my password (and everyone else’s) from their database.
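For contrast, here is how a site can handle storage and "forgot password" so that neither the database nor the reset email ever contains the password. This is an added example, not Friendster's code; the in-memory `USERS` and `RESET_TOKENS` stores, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

USERS = {}         # email -> (salt, derived_key); hypothetical stand-in for a users table
RESET_TOKENS = {}  # sha256(token) -> (email, expiry); the raw token is never stored
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def _derive(password, salt):
    # One-way key derivation: the password cannot be read back from the result.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(email, password):
    salt = secrets.token_bytes(16)  # unique per user
    USERS[email] = (salt, _derive(password, salt))

def verify(email, password):
    record = USERS.get(email)
    if record is None:
        return False
    salt, stored = record
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(_derive(password, salt), stored)

def forgot_password(email, ttl=900):
    """Return the one-time token that goes into the reset email, or None."""
    if email not in USERS:
        return None
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[key] = (email, time.time() + ttl)
    return token

def reset_password(token, new_password):
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(key, None)  # pop makes the token single-use
    if entry is None or entry[1] < time.time():
        return False
    register(entry[0], new_password)
    return True
```

With this design a "forgot password" request can only ever send a short-lived link, so receiving your actual password back by email is a reliable sign that a site stores it in recoverable form.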

What does this mean for friendster?

Well, probably not a lot since most people are waving bye-bye to friendster anyway as friendster starts to delete all user data from their servers.

My tip: Don’t delay, delete it today!

Update 02/06/11

Yesterday I emailed friendster to notify them of a serious security concern, today I received this reply:

Thank you for reporting this to us. We take reports like this seriously and we shall make the proper investigation on your concern. Unfortunately, we don’t have a specific time frame on when the investigation will be completed. We apologize for the inconvenience.

Customer Support

P.S. Thanks for your comments, I’m glad I’m not alone. Keep them coming!