Exposed Christians a reminder for the use of multiple site passwords

Hackers broke into the site last weekend, not only defacing user profiles but also using members' oft-used username and password combos to potentially gain access to other personal and financial info.

A Christian singles Web site called was infiltrated by hackers last weekend, reportedly absconding with the secret passwords of over 9,000 of its users.

The breach has widely been blamed on the Web site’s security system, which has been described by one outraged blogger as “pathetic… such rampant incompetence that it's in a word, criminal.”

The diagnosis from Trend Micro Australia’s David Peterson was along the same lines.

“Basically, the site was written with no real security on it at all... In this particular case, the term “hack” is probably being a little bit overgenerous to the technical skills of the people involved.”

Peterson explained that, due to the site’s lack of proper authentication protocols, it would be quite easy for anyone to just “hop” from their own account to somebody else’s, armed only with the knowledge of that person’s user ID.

“And that user ID is just a sequential set of numbers. So if your user ID was 10001, if you changed the URL to refer to when the page might be “Edit My Profile ID= 10001” and changed the number to 10002, suddenly you’re inside someone else’s page.

“And to compound matters, the passwords and email addresses are stored in plain text, so it was a simple exercise [for the perpetrators] to just go through all of them and pick out every single one of the emails.”

As a direct result of this, user accounts on the site were compromised and profile pages vandalized.
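The two flaws Peterson describes, a profile ID taken from the URL without an ownership check and passwords stored in plain text, are shown below next to a corrected form. This is an added example, not code from the affected site; the function names, the in-memory `PROFILES` store and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: sequential numeric user IDs, as described in the article.
PROFILES = {10001: {"bio": "alice"}, 10002: {"bio": "bob"}}


def edit_profile_vulnerable(session_user_id, requested_id, new_bio):
    """The flaw: the ID from the URL is trusted and the session is ignored."""
    PROFILES[requested_id]["bio"] = new_bio
    return True


def edit_profile_checked(session_user_id, requested_id, new_bio):
    """Hardened: the server compares the URL ID with the authenticated session."""
    if requested_id not in PROFILES or requested_id != session_user_id:
        # Same answer for "no such profile" and "not yours", so the
        # response does not confirm which IDs exist.
        return False
    PROFILES[requested_id]["bio"] = new_bio
    return True


def hash_password(password, salt=None):
    """Store a random salt and an scrypt digest instead of the plaintext."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the digest and compare in constant time."""
    candidate = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return hmac.compare_digest(candidate, digest)
```

With the ownership check in place, changing the number in the URL no longer changes whose profile is edited, and a copy of the user table yields salted digests rather than passwords that can be tried directly on other sites.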

But according to Peterson, this defacement of people’s profile pages is merely the tip of a dangerous iceberg.

“The problem is that email addresses are commonly used as logins, and people tend to reuse the same logins and passwords for multiple other sites. So, once a hacker gets hold of details via an easily accessed site such as this one, it can lead to large credit card bills, strange or offensive emails, and private information being circulated globally.”

According to Peterson, a good, prudent piece of management is to consider having more than one email address and password in operation: “A lot of people have a work email address and a home email address and possibly a Hotmail address as well. Try to keep yourself compartmentalized -- so if you’ve got your social applications which are tied to an email address, do make that different from the email address and password -- at the very least the password -- that you might use for something financial.

“Passwords are regarded as an inconvenience, but when there’s money at stake, do regard that as security and do have different passwords so you’re not exposed to this sort of level of compromise.”

Indi Siriniwasa, ANZ sales director at security firm F-Secure, echoed Peterson’s words, saying there is no excuse for having the same username and password for multiple accounts. “It is stupidity more than anything else,” he said. “It is good practice to have a unique password -- and not names and birthdays -- for different log-ins.”

He also said that, when it comes to passwords, size does matter: “We [F-Secure staff] have 14 digits for everything, which is hard to crack -- and has nothing to do with your day to day life.”

The longer the password, the harder it is and the longer it takes for password-cracking algorithms to be effective, and the greater your chances of staying safe, he said.

Peterson said the best approach is to have three separate sets of passwords, one each for business, finance and recreation. While he acknowledges this may be difficult for some people to remember, he suggests having a different “theme” for each set of passwords as a helpful way for users to remember them, but also to remember to keep them separate.

“Don’t recycle [passwords] between those three compartments because if someone has your password for Facebook today, it might not be your company password today, but it may be tomorrow… Multiple email addresses are not a bad idea, but multiple passwords are the most important thing.”

He believes this is something IT Managers should make very clear in their internal policies; that the passwords employees use for their work, which they may be using to access their corporate intranet remotely through VPN, should not be used on the Internet for anything else.

“Because then you risk compromising your company as well, which is not going to make anyone popular… As well as keeping a separation between social and financial, also do keep a separation between work and play.”

“It’s a hard lesson learned for these 9000 or so people. Password access alone is simply not enough to secure a Web site… The key thing is, if you’re putting something out there on the Internet, you always have to be considering security.”


Emma McKinnon
