Security

This article is more than 1 year old

Mag publisher Future stored your FileSilo passwords in plaintext. Then hackers hit

Plaintext passwords. In 2017

Thu 9 Feb 2017 // 07:01 UTC

UK magazine publisher Future's FileSilo website has been raided by hackers, who have made off with, among other information, unencrypted user account passwords.

FileSilo.co.uk is a website Future's mag subscribers can log into to download materials, such as Photoshop templates and graphics, for tutorials published in its print titles. Future is responsible for things like Edge, Digital Camera World, and ImagineFX.

A notice sent to FileSilo users on Wednesday advises everyone to change their passwords for the site, and any other website with the same password, "as a matter of urgency," due to the astonishingly bad decision to store the passwords without encryption. Yes, in plaintext.

"In the last 24 hours it has come to our attention that FileSilo.co.uk's user registration database has been compromised," customers were told.

"Unfortunately users' email addresses, usernames, passwords (stored in plaintext), name and surname may have been stolen in the process."

The FileSilo site has been shut down as a result of the attack and its administrators say it will relaunch once "we are satisfied that the breach has been fully rectified." Hopefully that includes not storing passwords in plaintext.

"We take the security of our registered users extremely seriously and we are investing in implementing advanced systems that enhance that security," said the company that just lost user passwords it kept in plaintext. "These efforts continue to proceed on track."

In the meantime, users should make a point of reviewing their stored passwords and changing those for any site that shared the FileSilo password, which was stored in plaintext and then stolen.

This might also be a good time to ask the operators of those sites if, like FileSilo, they have left passwords sitting around in plaintext for hackers to steal.

El Reg asked Future for some comment on the breach and the reason why the passwords were stored in plaintext and not encrypted. In accordance with FileSilo's security policy, we sent the request in plaintext.

Topics

Special Features

Vendor Voice

Resources

Security

Mag publisher Future stored your FileSilo passwords in plaintext. Then hackers hit

Plaintext passwords. In 2017

More about

More about

Broader topics

More about

More about

More about

Broader topics

TIP US OFF

Other stories you might like

185K people's sensitive data in the pits after ransomware raid on Cherry Health

Pandabuy confirms crooks nabbed data on 1.3M punters

Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals

Reducing the cloud security overhead

US House approves FISA renewal – warrantless surveillance and all

Global taxi software vendor exposes details of nearly 300K across UK and Ireland

SharePoint logs are easily circumvented and Microsoft is dragging its heels

Puppies, kittens, data at risk after 'cyber incident' at veterinary giant

Ransomware gang did steal residents' confidential data, UK city council admits

X's Grok AI is great – if you want to know how to hot wire a car, make drugs, or worse

OWASP server blunder exposes decade of resumes

Nearly 3M people hit in Harvard Pilgrim healthcare data theft

About Us

Our Websites

Your Privacy