Usernames, passwords of IT employment site revealed

ISAW or Internet Security and Warfare alerts users of a page in ITPros.ph that contains a listing of its members’ account details, including passwords, in plain text. ITpros.ph is designed to be “the Philippines’ key employment facilitator for the ICT industry.”

The page is searchable through Google and when I went over its listings, I spotted the account of someone that I know.

ITpros.ph EXPOSED PASSWORDS. A screengrab of account details listed in a page in ITpros.ph. The page lists the details, including passwords, in plain text. Click on photo to view larger image.

I informed the person of it and he confirmed it was indeed his old account and the password listed there was indeed the one he used. I think this is potentially dangerous as most people use the same passwords for multiple accounts. I also spotted several accounts using “password” as password.

The availability of the page shows the potential risks of signing up to websites, what with the multitude of web 2.0 services cropping all over the Web and the urge to immediately sign up for accounts. Most people I know use the same password for their e-mail and other web-based services. If one of these services is compromised and your account details are exposed, your other accounts are also at risk.

This is scary, don’t you think? I’m reorganizing my passwords. I’ll be using a different password for my blogs, GMail, AdSense and web server panel accounts. I’ll be using shorter ones for less important services. I’ll be using a new combination for signing up to websites–you know the type, the latest free web 2.0 service to be featured in Techcrunch.

Support this blog and independent reporting on Cebu

3 responses

  1. Yikes! That is scary. I think I should reorganize my passwords too.

  2. I was able to view the list.

    People have a habit of using 1 password for their login to different sites.

    Some of the first yahoo accounts can be opened.

    I hope the owner itpros would send an email to those in the list.. a generic email would be fine… inform them that their passwords were exposed and advice them to change it..

    I hope itpros would do this.

  3. LOL!!

    “On-going Systems Upgrade”

    Well..If they ever had a privacy policy or something like that.. can people sue them or something…

    Well not sue them.. but I doubt anyone would trust those guys again.. I know I wouldn’t 😉

Leave a Reply

Your email address will not be published. Required fields are marked *