UKbanners.com, a popular banner exchange system, has found itself at the centre of a massive information leak after accidently posting its customers email addresses, websites and passwords online.
(click to enlarge)
All that anyone has to do to view all this personal information is visit this url – http://ukbanners.com/cgibin/shortfall.cgi
Looks like a massive own goal to leave all this information out in the public. The same security issue also affects their other websites – ukbuttons.com and cheekybanners.com.
Hovering over the username on that page showed their login name and password. Its unbelievable that they would show all this information on a publicly accessible page, but to then store passwords unencrypted is simply bizarre.
With those login details anyone can login and request payments, edit banners etc. Lets see if they fix it before this post goes live (I’m emailing them and warning them this has been published to appear tomorrow, 4th June)
{ 2 comments… read them below or add one }
Yes I saw this – Uradnet banner networks picked up on this also… uradnet.co.uk
Actually – I was wrong – Uradnet mentions that UKBanners emailed their customers back in April with details of a Flash Bannerpromotion. These emails also contained User ID’s and passwords… http://www.uradnet.co.uk/ukbanners.htm