Comments on: Flippa Was Hacked So Now What – Is Your Personal Information At Risk?

By: Travis

Travis — Tue, 20 Jul 2010 22:27:46 +0000

Dave:

Thanks for stopping by and updating us on this issue. I appreciate it. Good to hear nothing serious (i.e. financial data and passwords) were compromised.

Travis

By: Dave Slutzkin

Dave Slutzkin — Tue, 20 Jul 2010 22:18:49 +0000

Guys, we’ve now been able to post about this, read it here:

http://flippa.com/blog/news/flippa-security-vulnerability-reported-and-fixed/

No financial details are stored on Flippa and admins have no access to passwords so these have not been compromised.

By: IH-Adam

IH-Adam — Tue, 20 Jul 2010 16:40:17 +0000

Admins do/did have access to users PM’s, disputes and after sales dialogue between buyer/seller.

By: Travis

Travis — Tue, 20 Jul 2010 16:25:53 +0000

That’s fine – so they jumped the gun but they shouldn’t remain silent at this point. A simple blog post stating they “posted something too soon,” followed by details of the hack is what they should do at this point. I’m sure they’ll eventually say something but remaining silent at this point makes no sense to me, but what do I know. I’m just a blogger.

Travis

By: Clinton

Clinton — Tue, 20 Jul 2010 16:16:20 +0000

If admins had access to your PMs, the natural conclusion is that hackers have had access too.

So if you sent any Flippa uer any access via PM – access to your GA account, your server stats, FTP login, domain control or anything else – consider it compromised.

Flippa likely deleted their blog post because they jumped the gun and the site isn’t completely secure yet.

By: Travis

Travis — Tue, 20 Jul 2010 15:37:33 +0000

Good post – and good catch. I didn’t notice that when I saw the screenshot. This story just keeps getting better and better. Flippa has to come out now to put the fires out. They look really silly deleting a blog post that was even retweeted a few times.

Travis

By: Clinton

Clinton — Tue, 20 Jul 2010 14:04:57 +0000

Travis, I get my laughs from the listings, not Flippa. So no meanness to Flippa intended.

However, I’ve just done a blog post about something very disturbing. It seems Flippa admins have access to log in to users’ accounts and read their private messages.

By: Travis

Travis — Tue, 20 Jul 2010 13:49:20 +0000

Clinton, you’re so mean to those Flippa folks…lol.

Travis

By: Clinton

Clinton — Tue, 20 Jul 2010 13:47:16 +0000

Justin, the only routine task I do there is get my daily fix of laughs.

By: Travis

Travis — Tue, 20 Jul 2010 13:31:10 +0000

Adam:

Thanks for stopping by and for providing additional details and screenshots. What I don’t understand is why Flippa would blog about it and then delete it. It just doesn’t make sense. As a marketplace, you would think that transparency would be of utmost importance.

@Keith: Thanks for the Google cache link! Just to make sure we have a permanent record of the Flippa blog post, I took a screenshot of the cache page you provided. Here is the link to it:

http://www.flipwebsites.com/images/flippa-hacked-blog-post.jpg

Thanks for helping out and getting the cached page to me!

@Justin: If you read the Flippa blog post that we now have a permanent record of, it sounds like the “routine task” was just that – a routine task (signing in as a different user at Flippa). It’s good to know that not much was compromised and that Flippa was quick to resolve the issue.

Travis