Eccie compromised? What's the bug?

  • 1
  • 2
Can we get more info on this?



https://www.openbugbounty.org/incidents/203915/
Its all reporting 7/2017? Cray
https://www.htbridge.com/ssl/?id=7e0...83882a92b2cf31
Wakeup's Avatar
Sounds like y'all should delete your accounts...immediately...
TheADream's Avatar
Sounds like y'all should delete your accounts...immediately... Originally Posted by Wakeup
Sure, after you.
SamHouston's Avatar
Not yet ljs
Its all reporting 7/2017? Cray Originally Posted by CashmereLove
if you go down on the page, its using international format of date/month/year.
Can we get more info on this?



https://www.openbugbounty.org/incidents/203915/ Originally Posted by honeydavis
Looks like BS to me. Just an attempt to score some "protection" money from eccie.
Guest072118's Avatar
Looks like a pile of crap. Also any site is vulnerable... a hacker wants in, they will get in.
ck1942's Avatar
Can we get more info on this?

https://www.openbugbounty.org/incidents/203915/ Originally Posted by honeydavis

Just wondering how you found out about this "bug?"
I stumbled upon it on that site I posted.
barrybarry39's Avatar
So I'm guessing this may have the potential of turning into another Ashley Madison or another Back Page Censorship?
ck1942's Avatar
So I'm guessing this may have the potential of turning into another Ashley Madison or another Back Page Censorship? Originally Posted by barrybarry39
Better not bet on it.

AM got hacked, plain and simple. And it's files included way more personal data plus credit card info. Should have kept the very personal stuff in entirely separated data bases which would have offered more security than the main website, imo.

BP is "self-censoring" for whatever reason BP feels it must. But, have you looked at the BP personal sections? Almost as many ads there as before in the ad forums.

Of interest: the bug website reports nothing about the AM vulnerabilities past or present. hmmmm!

ijs
Jannisary's Avatar
This isn't so much a "hacker" issue as far as someone gaining access to the backend stuff of this site. The issue according to that website someone could inject malicious code into the site, code that would then possibly plant malicious software on visitors computers. It is not all that uncommon unfortunately. That is how a lot of malware gets spread around. Hopefully the Admins around here are taking this seriously and are having the exploit investigated and corrected.
Better not bet on it.

AM got hacked, plain and simple. And it's files included way more personal data plus credit card info. Should have kept the very personal stuff in entirely separated data bases which would have offered more security than the main website, imo.

Originally Posted by ck1942

Been doing some research of my own and all I can say is I'll take that bet.
  • 1
  • 2