GoFuckYourself.com - Adult Webmaster Forum


Feng-PD 08-27-2012 06:33 AM

What's with the exoclick.com hack email?
 
wtf is this?

Barefootsies 08-27-2012 06:34 AM

It looks like you would hit the delete key, and move along with your day?

:helpme

Feng-PD 08-27-2012 06:36 AM

From what I'm reading, this guy has a problem with exo for freezing his account. He hacked exoclicks and has ALL the info about all their affiliates. That means he also has all my information as well.

Why would I want to move along when my information can get exposed?

wtf.

AnimeFevers 08-27-2012 06:37 AM

Feng is nub :1orglaugh

halfpint 08-27-2012 06:39 AM

Um, it looks like the database got hacked if you follow those links on that page

lucas131 08-27-2012 06:41 AM

sounds legit, have luck everyone :upsidedow

Feng-PD 08-27-2012 06:41 AM

Quote:

Originally Posted by halfpint (Post 19147296)
Um, it looks like the database got hacked if you follow those links on that page


Yeap, so ALL the affiliates' information (iban, swifty, paypal, paxum etc.) is in the hands of this hacker....

~Ray 08-27-2012 06:42 AM

sounds like he's mad and looking for a little payback

Axel_Crak 08-27-2012 06:50 AM

Damn, I understand the guy is mad, but what's the point of making trouble for the other clients?

Hey Fengwu, if you're a client like us, perhaps it would be better for all of us if you pulled the link out of the topic and just let people discuss...

halfpint 08-27-2012 06:54 AM

Quote:

Originally Posted by Axel_Crak (Post 19147327)
Damn, I understand the guy is mad, but what's the point of making trouble for the other clients?

Hey Fengwu, if you're a client like us, perhaps it would be better for all of us if you pulled the link out of the topic and just let people discuss...

Doubt it will make any diff, as it looks like he has the users' email addresses, which he is using to send out this info

halfpint 08-27-2012 06:55 AM

Quote:

Originally Posted by fengwu83 (Post 19147307)
Yeap, so ALL the affiliates' information (iban, swifty, paypal, paxum etc.) is in the hands of this hacker....

looks like it :Oh crap

Axel_Crak 08-27-2012 07:04 AM

Quote:

Originally Posted by halfpint (Post 19147339)
Doubt it will make any diff, as it looks like he has the users' email addresses, which he is using to send out this info

Well, I'm concerned about all GFY getting access to this list..

halfpint 08-27-2012 07:07 AM

Quote:

Originally Posted by Axel_Crak (Post 19147361)
Well, I'm concerned about all GFY getting access to this list..

Well, all Exoclick members who get an email from him will have access to it, and anybody else he wants to send the info to on the web. It's a bit late to worry about it now, and anyway, looking at the passwords, they are encoded

Axel_Crak 08-27-2012 07:15 AM

Quote:

Originally Posted by halfpint (Post 19147366)
Well, all Exoclick members who get an email from him will have access to it, and anybody else he wants to send the info to on the web. It's a bit late to worry about it now

Well, that's your opinion, certainly not mine. People on the list have nothing to gain from publishing that list.. anyway, we can't stop all info from going on the web, but at least if we could avoid publishing it here, you can avoid some potential problems...

halfpint 08-27-2012 07:21 AM

Quote:

Originally Posted by Axel_Crak (Post 19147377)
Well, that's your opinion, certainly not mine. People on the list have nothing to gain from publishing that list.. anyway, we can't stop all info from going on the web, but at least if we could avoid publishing it here, you can avoid some potential problems...

I just had a look at some of those screenshots and it does show user login names, their real names, addresses, the company IDs and tel no. I think Exoclick needs to get in here quick smart

Lace 08-27-2012 07:48 AM

Why would you publicly post this?

LeRoy 08-27-2012 07:56 AM

I got that message too.

Wonder what's going on?

Konda 08-27-2012 08:14 AM

Exoclick got hacked.

The most interesting part is that he claims he has proof that Exoclick is cheating its customers.

Quote:

Also in my hands is the information from the database ExoClick Ad Network, which refers to the uncontrolled cheat clicks and impressions!
I'll post the data later after tidy the dump logs and proof of the fact of cheating.

With all the info, database dumps and screenshots he already posted, there is no doubt that this guy hacked Exoclick and had full access to their databases and all info.

topsiteking 08-27-2012 08:16 AM

Quote:

Originally Posted by halfpint (Post 19147389)
I just had a look at some of those screenshots and it does show user login names, their real names, addresses, the company IDs and tel no. I think Exoclick needs to get in here quick smart

Ugh.
Has this been taken care of yet?

halfpint 08-27-2012 08:22 AM

Quote:

Originally Posted by topsiteking (Post 19147502)
Ugh.
Has this been taken care of yet?

The OP removed the link, but the guy has been sending out emails to Exoclick users with the link and he does have all the info up on a site. He also has a password to access info about credit cards, paypal etc. on the site

Exoclick 08-27-2012 08:27 AM

Hi Everyone,

About 6 months ago, ExoClick was under heavy attack, from pretty nasty DDOS to all sorts of attempts to hack our servers or take them down.

Fortunately, we have a very high performance infrastructure and these attacks never took us down.
Unfortunately, one of their blind SQL injection attacks was successful and they were able to fetch encrypted passwords as well as other information we have in our database. During all this time, he has been trying to blackmail us in all sorts of ways.

It appears the last thing he could do is to hurt our reputation and contact our clients about it.

To all our clients, please, rest assured your account is 100% safe. We have taken all necessary measures to prevent this type of issue in the future and to protect ExoClick clients. After the incident, we also hired a company expert in online security to audit our platform and make sure there were no other possible flaws.

I sincerely and personally apologize for this. And I apologize for any inconvenience that this might have caused you. Believe me, we are taking this very seriously.

If you have any questions or doubts, please don't hesitate to contact me personally.

Best,
Benjamin.

Konda 08-27-2012 08:27 AM

You can see the hacker used super simple SQL injections to get access, meaning that they were using non-escaped querystring in the SQL - which is like one of the most basic security measures these days... At least they did seed the user passwords.
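
[Added example, not part of the thread and not ExoClick's code: a query-string value concatenated into SQL beside the same lookup with a bound parameter, plus an allowlist for a sort option, since column names cannot be bound. The table, column names and sample rows are constructed, and Python's sqlite3 stands in for whatever database the site used.]

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, balance REAL)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 120.0), ("bob", 15.5), ("carol", 980.25)])
    return db

def lookup_concatenated(db, username):
    # Weak form: the query-string value becomes part of the SQL text,
    # so quotes inside it change the structure of the statement.
    sql = "SELECT username, balance FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, username):
    # Corrected form: the value is bound as data and never parsed as SQL.
    sql = "SELECT username, balance FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()

# Identifiers cannot be bound as parameters, so a sort option taken
# from the query string is mapped through a fixed allowlist instead.
SORTABLE = {"username": "username", "balance": "balance"}

def list_users(db, sort_key, descending=True):
    column = SORTABLE.get(sort_key)
    if column is None:
        raise ValueError("unsupported sort key: %r" % (sort_key,))
    direction = "DESC" if descending else "ASC"
    rows = db.execute(
        "SELECT username FROM users ORDER BY %s %s" % (column, direction)
    ).fetchall()
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input; matches no username
    print("concatenated:", lookup_concatenated(db, crafted))
    print("bound:       ", lookup_bound(db, crafted))
    print("sorted:      ", list_users(db, "balance"))
```

[The concatenated lookup also breaks on a legitimate value containing an apostrophe, which is often the first visible symptom of this defect in application error logs.]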

Axel_Crak 08-27-2012 08:29 AM


To everyone, please support the companies that are victims of the hack and don't post the link with the info here.

Eric just removed it from the first post.

Thanks for your cooperation

Konda 08-27-2012 08:30 AM

Quote:

Originally Posted by Exoclick (Post 19147530)

To all our clients, please, rest assured your account is 100% safe. We have taken all necessary measures to prevent this type of issue in the future and to protect ExoClick clients.

Well all personal and bank information of all users is public already now...

halfpint 08-27-2012 08:30 AM

Quote:

Originally Posted by Exoclick (Post 19147530)
Hi Everyone,

About 6 months ago, ExoClick was under heavy attack, from pretty nasty DDOS to all sorts of attempts to hack our servers or take them down.

Fortunately, we have a very high performance infrastructure and these attacks never took us down.
Unfortunately, one of their blind SQL injection attacks was successful and they were able to fetch encrypted passwords as well as other information we have in our database. During all this time, he has been trying to blackmail us in all sorts of ways.

It appears the last thing he could do is to hurt our reputation and contact our clients about it.

To all our clients, please, rest assured your account is 100% safe. We have taken all necessary measures to prevent this type of issue in the future and to protect ExoClick clients. After the incident, we also hired a company expert in online security to audit our platform and make sure there were no other possible flaws.

I sincerely and personally apologize for this. And I apologize for any inconvenience that this might have caused you. Believe me, we are taking this very seriously.

If you have any questions or doubts, please don't hesitate to contact me personally.

Best,
Benjamin.

Nice quick response and I hope you can find the idiot who did it

Konda 08-27-2012 08:32 AM

Quote:

Originally Posted by Axel_Crak (Post 19147537)

To everyone, please support the companies that are victims of the hack and don't post the link with the info here.

Eric just removed it from the first post.

Thanks for your cooperation

That's not going to help anything, he emailed the link to 10,000s of users from the exoclick database already.

Konda 08-27-2012 08:34 AM

Quote:

Originally Posted by halfpint (Post 19147541)
Nice quick response and I hope you can find the idiot who did it


Nice quick response??

6 months too late. They should have informed their users as soon as it happened. Especially because of the sensitive personal and bank info that has been compromised!!

halfpint 08-27-2012 08:34 AM

Quote:

Originally Posted by Konda (Post 19147539)
Well all personal and bank information of all users is public already now...

Not all of it is yet. He had the banking info for Exoclick users password protected and all the users' passwords are encrypted anyway, but who's to say that he won't start pasting it all over the net if he doesn't get what he wants, and if they do give him what he wants, who's to say he won't keep on doing it.

I hope Exoclick can find this idiot :2 cents:

halfpint 08-27-2012 08:36 AM

Quote:

Originally Posted by Konda (Post 19147557)
Nice quick response??

6 months too late. They should have informed their users as soon as it happened. Especially because of the sensitive personal and bank info that has been compromised!!

I'm talking about a response on the board

lucas131 08-27-2012 08:38 AM

Quote:

Originally Posted by Konda (Post 19147539)
Well all personal and bank information of all users is public already now...

Exactly. How are all accounts safe when there is a db dump online? Come on exoclick, are you serious? You cannot hide the fact that all users' info is out behind any words :2 cents:

lucas131 08-27-2012 08:39 AM

and please, how can someone who hacked 82k of users, be an idiot? :) :error

topsiteking 08-27-2012 08:40 AM

I have an Exoclick account and got no email...

halfpint 08-27-2012 08:46 AM

Quote:

Originally Posted by lucas131 (Post 19147574)
and please, how can someone who hacked 82k of users, be an idiot? :) :error

Because anybody who tries to blackmail a company by hacking into their users database is an idiot

nextri 08-27-2012 08:49 AM

Are you doing anything to go after the guy behind this? Do you know who he is?

topsiteking 08-27-2012 08:55 AM

Quote:

Originally Posted by halfpint (Post 19147594)
Because anybody who tries to blackmail a company by hacking into their users database is an idiot

:2 cents:

BIGTYMER 08-27-2012 09:03 AM

I didn't get the email. Where is the link?

Feng-PD 08-27-2012 09:04 AM

we need to know what exo is going to do about this.

topsiteking 08-27-2012 09:09 AM

Quote:

Originally Posted by BIGTYMER (Post 19147641)
I didn't get the email. Where is the link?

Same, someone get it to me please.

Niktamer 08-27-2012 09:20 AM

PLEASE, don't spread the email, if you received it, please keep it for yourself.

Exoclick is a victim with all their clients, even if it's a long time ago and everyone concerned had their password changed, spreading this info won't do any good to anyone on top of the blackmailer and other hackers and scammers who will use it and potentially harm the people on the list, people that can be your friends, partners, affiliates or just part of our community.

fris 08-27-2012 09:25 AM

rogue email admin

fris 08-27-2012 09:26 AM

Quote:

Originally Posted by Niktamer (Post 19147695)
PLEASE, don't spread the email, if you received it, please keep it for yourself.

Exoclick is a victim with all their clients, even if it's a long time ago and everyone concerned had their password changed, spreading this info won't do any good to anyone on top of the blackmailer and other hackers and scammers who will use it and potentially harm the people on the list, people that can be your friends, partners, affiliates or just part of our community.

just hopeful this isn't another wtfbucks effort or is it?

guess we will know in a few days if people get their email assigned to exoclick emailed.

BIGTYMER 08-27-2012 09:31 AM

This happened 6 months ago. Did exoclick notify those on the list?

I didn't get an email so I can assume I'm safe? But I'd like to see for myself..

lucas131 08-27-2012 09:40 AM

Quote:

Originally Posted by halfpint (Post 19147594)
Because anybody who tries to blackmail a company by hacking into their users database is an idiot

i see guy who showed them vulnerability, they filled it and closed his account with his money? he wanted to get that solved and exoclick admin acted like an asshole, so he decided to solve it by putting the backups online? how you can know where is the truth, when the first time you read from exoclick that database was compromised is now after 6 months? not backing up anyone, just hackers are mostly not idiots :)

topsiteking 08-27-2012 09:43 AM

Quote:

Originally Posted by BIGTYMER (Post 19147736)
This happened 6 months ago. Did exoclick notify those on the list?

I didn't get an email so I can assume I'm safe? But I'd like to see for myself..

Only reason why I would like to view it as well.
:Oh crap

lucas131 08-27-2012 09:44 AM

Quote:

Originally Posted by topsiteking (Post 19147765)
Only reason why I would like to view it as well.
:Oh crap

if you have registered before february 2012, you are on the list, maybe your email is still in the outbox :)

topsiteking 08-27-2012 09:59 AM

Quote:

Originally Posted by lucas131 (Post 19147769)
if you have registered before february 2012, you are on the list, maybe your email is still in the outbox :)

I signed up in early 2008.
...Just checked again.
No email.

Konda 08-27-2012 10:05 AM

Quote:

Originally Posted by topsiteking (Post 19147795)
I signed up in early 2008.
...Just checked again.
No email.

Maybe he didn't email all of the users.

If you check the database dumps he posted you can see some things he did was like get a list of users sorted by the ones with the highest balance. Maybe he only emailed specific users with a high balance or something.

select username from users order by balance desc

topsiteking 08-27-2012 10:15 AM

Quote:

Originally Posted by Konda (Post 19147799)
Maybe he didn't email all of the users.

If you check the database dumps he posted you can see some things he did was like get a list of users sorted by the ones with the highest balance. Maybe he only emailed specific users with a high balance or something.

select username from users order by balance desc

Ah.
Thank you sir.
:)

Exoclick 08-27-2012 10:23 AM

First of all, I would like to thank all the people who have shown their support during this pretty hard time. Really this is good to hear.

I have seen several questions and I'll try to answer some of them but please if you have concerns contact me in private as I don't think it is wise to discuss it further publicly, especially regarding the security measures we have implemented.

When the problem occurred, we of course contacted immediately the clients who had their account compromised and made sure that they set a new, complex password. Actually, it was not many accounts as most passwords could not be decrypted.
We continuously monitor the accounts to make sure there are no suspicious connections and that is one of MANY reasons why I can say the accounts are safe. If you still have some doubts, you can of course change your password in your Admin Panel.

We are going to go after this criminal with every resource at our disposal. We have already started.

I understand some of you are angry, you have every right to be. I cannot change what happened, but trust me we have taken every possible measure in the best interest of our clients, as we have always done, and we will continue to do so.

I won't comment on this thread anymore but to those who need to contact me, please do.

Thanks again to all the clients who are behind us on this.

halfpint 08-27-2012 10:33 AM

Quote:

Originally Posted by lucas131 (Post 19147755)
i see guy who showed them vulnerability, they filled it and closed his account with his money? he wanted to get that solved and exoclick admin acted like an asshole, so he decided to solve it by putting the backups online? how you can know where is the truth, when the first time you read from exoclick that database was compromised is now after 6 months? not backing up anyone, just hackers are mostly not idiots :)

I am not saying all hackers are idiots, I'm saying this guy is an idiot for trying to blackmail a company, and anybody else who tries to pull off stunts like this.

It doesn't matter how secure a members area is, if a hacker wants in, he will normally find a way, but to then use what he has to blackmail a company, well that's just pure idiotic.


All times are GMT -7.