Labour’s passwords
Labour’s security issues go beyond the fact they left their entire server contents available for anyone to see if they went to one of their campaign websites. Their passwords are now in Google.
Whale blogs:
Commenters at Kiwiblog and other sites quickly realised what I did long ago and that was that Google and other bots had archived Labour’s open site extensively. All their data is still in the cache and will be for quite some time.
Doing a simple cache search of the root domain with the word “password” added shows just how bad their security was.
The problem however was much worse than that. Way worse. Remember that Chris Flatt the Labour General Secretary sent out a letter and email to their donors assuring them that their credit card details were safe. He shouldn’t have been too hasty with that assurance.
In the MySQL database files there were also plain text strings that contained other database passwords along with the user name and passwords of their credit card provider.
Oh dear.
This shows the appalling lack of security not only for the donor and membership details but also with regard to usernames and passwords for other secure areas.
I never accessed those areas; to do so would have been illegal. But given that their systems were open and exposed long enough that Google and 9 other bots were able to cache the entire directory system, there is a good chance that Russian or Nigerian scamsters also were able to obtain access to the database and credit card processing passwords that Labour left exposed. Chris Flatt cannot give any assurances that their donor details including credit cards were safe and secure.
Their credit card passwords have been sitting in Google for several months. Need more be said?