Word on the street is that Flippa got hacked (headsup, Flipfilter) about a week ago. Nice image of the Flippa admin screen at the is-hacked.com link. The alleged sequence of events is
1. Flippa Got Hacked (no big deal in itself) by Adam
2. Adam was kind enough to tip Flippa off about the vulnerability
3. Flippa fixed it (pretty quickly)
But if Adam's claims are true and everybody's accounts at Flippa have been compromised, why didn't Flippa tell its members? Maybe they think he's got only a list of email addresses. Isn't that still good reason to put out a press release and apologise profusely to your users?
The hack certainly ruined Lucas Chan's day (developer at Slippa). He says on Twitter (15th July):
And on the 16th@ISHACKED Thanks for your email. Have notified our dev team. We're on it. Will get back to you properly when near a computer.
And now that the flaw has been fixed, why is Flippa threatening to sue Adam if he releases a video of how it was done?On average there is 1 day per year when I decide I hate the interwebs. That day is today. Looking forward to tomorrow when love resumes.
Luke / Dave, care to shed some light on this?
The advice around is to change all your passwords, not just the passwords for Flippa and Sitepoint, but for Google Analytics, Escrow.com and any other account you used at Flippa (teach you to trust someone else with your GA/escrow or other login!)Flippa’s Dave Slutzkin and Lucas Chan were notified to the breech within hours of when it was found, minutes after recording the video (out soon)
With the amount of web developers on SitePoint and Flippa it can almost be guaranteed we we’re not the only ones to know about this MASSIVE VULNERABILITY, as it was too easy to access their users information for it to only be us nice guys to have found it.