Loading Profile...
Someone else's passwords from the other side of the planet just appeared in my sync'd password list. HOW?
I just was browsing the internet and noticed on a site (tek-tips I
think) that the username/password box was prefilled with a username/password I didn't recognize. This struck me as odd so I went and looked into my saved passwords in firefox. There were at least 20-30 saved username/passwords for some guy apparently in Australia.
This is somewhat unsettling. I do not use public computers, nor does anyone else use any of mine.
Any ideas? I have all this guys passwords, but I'm more concerned that someone else may have mine.
think) that the username/password box was prefilled with a username/password I didn't recognize. This struck me as odd so I went and looked into my saved passwords in firefox. There were at least 20-30 saved username/passwords for some guy apparently in Australia.
This is somewhat unsettling. I do not use public computers, nor does anyone else use any of mine.
Any ideas? I have all this guys passwords, but I'm more concerned that someone else may have mine.
I’m concerned
2
people have this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
The company has acknowledged this problem.
-
Inappropriate?Thanks very much for bringing this to our attention--this is very much something we'd like to investigate further. Is your Xmarks username the same as the username you're using here on Get Satisfaction?
Though we've never seen evidence that Xmarks was used to compromise computer data, we've seen examples of a computer virus used to extract information from the Firefox password file when it's not encrypted with a Master Password, and that information then posted online. Given that your PIN would be required to synchronize new passwords to your account, and Xmarks in no way has access to your PIN, chances are something like this has happened to you.
Though I don't want to alarm you, it is safest to assume that your passwords have been compromised, and that your computer is currently not a safe place to store personal information. I strongly encourage you to contact a computer support technician for assistance in re-securing your computer and its data.
As part of that, be sure to update your Xmarks password and PIN once you've established a secure computer (no sense in updating the password and PIN if the computer is still compromised). -
Inappropriate?Yes, my xmarks username is the same.
I *am* the computer support technician. I do not utilize the master password, but it seems odd that someone else's information showed up in my password list. I can confirm they are working and valid passwords as i accidentally logged into gmail as this person.
I too am assuming my passwords are compromised (which sucks as there's gotta be at least 100 of them in there).
I’m upset
-
Inappropriate?This is more troubling the more i think about it. I do not feel any of my PC's have been compromised.
Your explanation doesn't explain how some *other* users information ended up in my password lists. I could see someone getting a virus or similar and having their own information leaked, but to have someone else's information show up in my own list doesn't make much sense.1 Comment
Add a comment
This solves the problem
-
If your Xmarks information were obtained by someone else who then tried your password and PIN in their browser to see if it worked, they might inadvertently insert their data into yours (or perhaps even intentionally, I suppose).
We'll investigate further on our end as well; I just wanted to make sure you understood the possible ramifications, which it sounds like you do. -
Inappropriate?Gotcha. Is it possible to get a trace/log of all IP's that have synched to my xmarks account?1 Comment Add a comment
This solves the problem
-
It'll take some doing, but we'll dig up some information for you. I'll follow up via the email you sent to our support address.
-
Inappropriate?I've had this problem since I've been using Foxmarks/Xmarks. I have been able to log into eBay, PayPal, Facebook and even Gmail accounts for about 5-7 different people I don't know!!!!! The DB is definitely screwed up somehow. I could easily steal money, buy and cause havoc to anyone of these peoples lives.. though I wouldn't. Just goes to show how unsecure the password/username feature is.
By the way, I've got some guy from Australia too! And someone from the UK.
-
Inappropriate?By the way, if someone from the company wants me to give the usernames of the other people I've been able to intrude on via the web using your "Synch Password" tool.. I'll be happy to forward a company employee the information. It bugs the crap outta me that not a single employee has contacted me to try and get to the bottom of this problem. This is a VERY serious issue.
I’m baffled.
-
Inappropriate?Really? Still no response or contact from the company about this? I'm willing to help. I'll provide the usernames/websites I have access to --- this way you can pinpoint the users that have their username/password data bleeding over into other accounts!!!! This should be top priority as its a friggin' MAJOR security issue.
I’m annoyed at the lack of care about this SERIOUS security issue.
EMPLOYEE
