How do users feel about having their login, passwords, and e-mails stolen on petsites

[Organic]

There is SOOOO Much on the internet about him. You should read about it. It reminds me of that movie with Leonardo DiCaprio and the checks. He's kinda the computer hacker version of all that.

And yeah, over all I think the Exposer has good intentions. Here is one of the things the exposer has said:

"What it really does is, quite forcefully, makes sites upgrade their security. They know they can't open again, following the same practices. Plus, we don't do any damage besides having access to information.

At the maximum, I make a news post, to alert the members of the site, that is it. I told the owner of Grophland how I compromised his site, and even told him, upon his inquiry, of a preferred encryption algorithm to use."

So yeah the guy/girl (I keep feeling anti female here because I just keep calling the exposer a guy and I don't really know if they are or not lol) intentions are good. I've seen their messages on here as the pop up. Even though they are deleted and removed pretty quickly. It seems like they made a lot of effort to try to get people to pay attention and they have been really ignored. So they just stepped it up pulled out the information that they warned them was so readily available and posted it for their users to see.

@Michi
I totally agree btw. I hate that he's posting usernames and passwords even though it's only like 20. I don't agree with it at all. I had heard mystical equine was given more than a week though? As an owner of a site if someone told you they could easily and swiftly take all of your logins,passwords, and e-mails wouldn't you take the site down completely until you could fix it?

I'm thinking this guy/girl isn't a genius. I'm thinking they are just one of those teens who have learned a couple exploits or something and decided to go robin hood. If that's the case then it seems pretty good they are getting there first because at least they aren't trying to use the info maliciously. If they can do it... someone else could easily go in without ANYONE knowing and try to use all of those e-mails passwords and logins... again maybe get bank info and things of that sort through the e-mails if the passwords are the same.

[Dyl]

Oh yeah there is forewarning, but this person gives so little time to even find what the problem is before posting the names and passes. The forewarning thing? Good. Posting users names and passes? Bad! Maybe instead of just a forewarning help them out to fix the holes. Not degrade them by posting their names and passes.

I agree. (: I'm not exactly sure what this user did since I never seen him post usernames and passwords, but everyone has been saying something about it.
I guess I just wasn't on the forums at the right time.

[Michi]

I agree. (: I'm not exactly sure what this user did since I never seen him post usernames and passwords, but everyone has been saying something about it.
I guess I just wasn't on the forums at the right time.

Its because we got to it in time. But they tried posting the info twice under different usernames. The fact that they tried showing the info twice irks me.

[Organic]

@Michi

He's trying to post the usernames and passwords in the forum? Is he still just doing 20 of them or is he trying to copy and paste the whole thing?

I'm wondering because I remember when MysticalEquine went down it was only 20. Again, I HATE the idea of it. I wondered though if he had specifically picked those 20 out though because they looked pretty bogus. They looked like ones that put silly passwords intentionally etc... not ones that would be connected with any other sites. I was wondering if he had done that intentionally so that he could get the point across but also had peoples best wishes at heart.

[Drea]

I see what he or she is trying to do by posting passwords, and it is bad, and I don't agree with it, but I can't help but wonder if they weren't posted if anything would have changed, you know? Not that I'm condoning it at all, because it's still completely and utterly wrong, but if the passwords weren't posted, do you think anyone would change? I dunno, it's a tough one. It seems like passwords should just be encrypted in the first place... it could be worse I guess, it could be somebody who was just out to completely and utterly destroy the website... Still wrong though, either way. I'd hate to be one of those users... especially since my username is the same on just about every website... O_O

Also, @Avalanche, that is what I do with my passwords. My DA, e-mail, and other important passwords are very long and complex, while the less important ones are less complex, etc... it's a good system for me too.

[Michi]

@Love

The person basically posted a huge list. Not just 20 users like last time and even pointed out David's admin account. And they did this twice. So, yeah. While they think they are being helpful, all they doing is causing trouble for all on that site.

[Organic]

@Michi That is a shame. I'm sorry to hear it. I truly don't like to hear that sites have been hacked.

We've got us a misguided robin hood. It's weird. I'm on the ropes about him.

@cpvr
Since this person is vocal etc... and willing to answer questions. Why doesn't one of the admins here try to put together some rules and back him up. Help make him a good positive part of the community? Perhaps, they could allow him here to post what sites security is bad as long as he agrees to not post password/logins and do it in a constructive way? Maybe they would also be willing to give a site x amount of time before they take matters into their own hands? Maybe it would prevent a lot of un-necessary drama and also help to educate site owners that don't understand? It could be a good influence on the community.

[Avalanche]

I see what he or she is trying to do by posting passwords, and it is bad, and I don't agree with it, but I can't help but wonder if they weren't posted if anything would have changed, you know? Not that I'm condoning it at all, because it's still completely and utterly wrong, but if the passwords weren't posted, do you think anyone would change? I dunno, it's a tough one. It seems like passwords should just be encrypted in the first place... it could be worse I guess, it could be somebody who was just out to completely and utterly destroy the website... Still wrong though, either way. I'd hate to be one of those users... especially since my username is the same on just about every website... O_O

Also, @Avalanche, that is what I do with my passwords. My DA, e-mail, and other important passwords are very long and complex, while the less important ones are less complex, etc... it's a good system for me too.

What he did was illegal. That right there makes it wrong. I've always gone by 'the ends don't justify the means'. If you kill one person to save three, you're are a murderer. If you decide not to kill that person and they kill 3 people, THEY are the murderer, not you. If you steal from the rich to give to the poor, well you're still a thief. You still broke the law, no matter what the intention was. He still hacked their site, posted a picture of a dead animal, cussed, and showed off what they said to be the first twenty users, which probably meant the admin/owner's passwords were exposed. The fact that he flagged the site like that increases their chances of being hacked again in the future, and they probably ruined the site's reputation forever even though what the site was doing was not illegal. When you hand someone you're password you might as well assume they can see it. It's hard to judge the security of any website you join, so my suggestion is to pick wisely. That said, the hacker still should have chosen the path of working with the site owners to build up the site's security without ripping it to pieces. The hacker gave them 2 days to identify and fix any security errors. Now, I don't know about you but it takes longer than that to even find a reputable programmer to do the security fixes, not to mention the money it would cost, and the possible site downtime to get up the new security measures. Overall it was unfair, cruel and just plain wrong. This is NOT something anyone should encourage. If the site had refused to fix the issues, then the hacker should have simply posted publicly saying 'this site is unsafe!' without actually creating victims of the users.

[cpvr]

@Michi That is a shame. I'm sorry to hear it. I truly don't like to hear that sites have been hacked.

We've got us a misguided robin hood. It's weird. I'm on the ropes about him.

@cpvr
Since this person is vocal etc... and willing to answer questions. Why doesn't one of the admins here try to put together some rules and back him up. Help make him a good positive part of the community? Perhaps, they could allow him here to post what sites security is bad as long as he agrees to not post password/logins and do it in a constructive way?

I know @Michi has sent a PM off to @nobackseat to see what we can do about this, and if we can get a guide up for pet site owners to follow by. Security is a major issue, and it sucks when our pet sites get hacked, or we hear about it. But those security issues should possibly be found by having testers - and coders who know what to look for, and give you the information on how to fix those issues.

It doesn't help with passwords are shared with others, but goes to show you that you should always use different passwords, no matter what type of sites they are.

[Michi]

What he did was illegal. That right there makes it wrong. I've always gone by 'the ends don't justify the means'. If you kill one person to save three, you're are a murderer. If you decide not to kill that person and they kill 3 people, THEY are the murderer, not you. If you steal from the rich to give to the poor, well you're still a thief. You still broke the law, no matter what the intention was. He still hacked their site, posted a picture of a dead animal, cussed, and showed off what they said to be the first twenty users, which probably meant the admin/owner's passwords were exposed. The fact that he flagged the site like that increases their chances of being hacked again in the future, and they probably ruined the site's reputation forever even though what the site was doing was not illegal. When you hand someone you're password you might as well assume they can see it. It's hard to judge the security of any website you join, so my suggestion is to pick wisely. That said, the hacker still should have chosen the path of working with the site owners to build up the site's security without ripping it to pieces. The hacker gave them 2 days to identify and fix any security errors. Now, I don't know about you but it takes longer than that to even find a reputable programmer to do the security fixes, not to mention the money it would cost, and the possible site downtime to get up the new security measures. Overall it was unfair, cruel and just plain wrong. This is NOT something anyone should encourage. If the site had refused to fix the issues, then the hacker should have simply posted publicly saying 'this site is unsafe!' without actually creating victims of the users.

*agrees to all of that*

Actually we are planning something right now, but that person will not be contacted in any way. They keep breaking the rules and even the law and there is no way we would trust a person like that.

What @cpvr said. Just need to see if NBS is gonna help. Since I have no way of trying to explain something like this. XD