A Database of Thousands of Credit Cards Was Left Exposed on the Open Internet

A US online pet store has exposed the details of more than 110,400 credit cards used to make purchases through its website, researchers have found. From a report on ZDNet: In a stunning show of poor security, the Austin, TX-based company FuturePets.com exposed its entire customer database, including names, postal and email addresses, phone numbers, credit card information, and plain-text passwords. Several customers that we reached out to confirmed some of their information when it was provided by ZDNet, but did not want to be named. The database was exposed because of the company's own insecure server and use of "rsync," a common protocol used for synchronizing copies of files between two different computers, which wasn't protected with a username or password.

Linux

Why these people continue to use Linux is beyond me. I mean year after year of hacked Linux servers doesn't tell you anything?

Go get a decent UNIX server you clods.

Re:unhashed passwords, unencrypted card numbers

[ls671]

I can see all the passwords on my linux system in /etc/shadow:

joe:$6$C/3J0yEO$a5VtriMUR6oyxW1kNSOSHE7fAlvWWbf4.aotAySCZATv7BB0pWPTmMRxXm5Ivg7GmswpKnJVdmnAg6FZoC7Fb1:17275:0:99999:7:::

see? The password for joe is:
$6$C/3J0yEO$a5VtriMUR6oyxW1kNSOSHE7fAlvWWbf4.aotAySCZATv7BB0pWPTmMRxXm5Ivg7GmswpKnJVdmnAg6FZoC7Fb1