Usernames, passwords of IT employment site revealed

ISAW or Internet Security and Warfare alerts users of a page in ITPros.ph that contains a listing of its members’ account details, including passwords, in plain text. ITpros.ph is designed to be “the Philippines’ key employment facilitator for the ICT industry.”

The page is searchable through Google and when I went over its listings, I spotted the account of someone that I know.

ITpros.ph EXPOSED PASSWORDS. A screengrab of account details listed in a page in ITpros.ph. The page lists the details, including passwords, in plain text. Click on photo to view larger image.

I informed the person of it and he confirmed it was indeed his old account and the password listed there was indeed the one he used. I think this is potentially dangerous as most people use the same passwords for multiple accounts. I also spotted several accounts using “password” as password.

The availability of the page shows the potential risks of signing up to websites, what with the multitude of web 2.0 services cropping all over the Web and the urge to immediately sign up for accounts. Most people I know use the same password for their e-mail and other web-based services. If one of these services is compromised and your account details are exposed, your other accounts are also at risk.

This is scary, don’t you think? I’m reorganizing my passwords. I’ll be using a different password for my blogs, GMail, AdSense and web server panel accounts. I’ll be using shorter ones for less important services. I’ll be using a new combination for signing up to websites–you know the type, the latest free web 2.0 service to be featured in Techcrunch.