Warning: HonestGamers Is and Likely Has Been Harvested for Passwords!
I guess I won’t remove the links from my previous post, but it should be easy to understand why I won’t include any in this one, since the point is that it seems to be shockingly easy to inject code on HonestGamers and harvest passwords from anyone who views it while logged on. It’s sad to need to say this right after joining and being rather glad to see that the site was still active and kept its focus and old-school look and feel and functionality, and the fact that it was now done through comments posted on one of my reviews even makes me feel rather guilty, but when it’s so easy to do, and also considering the announcements that I saw about the site having been hacked and the hacker continuing to have access, at least at one point, even after the administrator’s password was changed, it has probably been going on for some time, since it’s such an easy and lucrative target and the method hadn’t yet been discovered, or at least nothing at all was done about it.
I won’t go into more detail here, and what I noticed may well not be the only method used anyway, but be warned: If you use HonestGamers, having an account and viewing the site while logged on, your password has probably been stolen, in plain text, probably more than once, and changing it may well lead to the new one being harvested just as well until they find a way to stop it from happening. And if it’s so easy to inject code, this may well be only a part of what may be, and possibly has been, delivered through that site. So make sure that any password you ever used on that site, as well as any that’s similar to any that you used there, isn’t used anywhere else, and be very careful in general.