http://www.cyberwarnews.info/2012/01/18/21000-accounts-dumped-from-videogamesplus-ca-by-b4lc4nh4ck/
Another day, another hack.
For anyone who has ever used http://www.videogamesplus.ca their user account information (email, name, d.o.b, telephone no., hashed password, ...) has been exposed, as my details are also listed in the SQL file linked by the above site.
Luckily, the passwords all appear to be encrypted (not sure if they are salted aswell) but as precautionary measure you might want change your passwords especially if its weak and/or the same email & password combo is used elsewhere.
Crivens!
Thanks dude, better get on that (if I can actually remember my password that is!)
So far it seems that VGP+ have used unsalted MD5 to encrpt the passwords, which is an absolute poor level of security. If this is the case I imagine that a significant amount of the passwords on that list will be decryptable. With all the recent hackings, websites really need to get their acts together with regard to security especially when storing customers' personal information.
I don't know what David Cameron says, but, yeah, going back to a site that has been hacked and changing your password? Is that the thing to do? Surely their whole business has been compromised on a level that means any access to that site, unless they've very deliberatly changed the entire web application, should be considered a toss of a coin.
I mean, the emails they've sent through are as close to a phishing scam as you can get!
Did they store credit card details? If not, this is about the same as the PSN hack huh.