Los Angeles Splash Magazines Worldwide, which publishes local versions of its magazines under URLs like NYCSplash.com and LASplash.com, has exposed the personal e-mail addresses and passwords for hundreds of its subscribers. The list of e-mail addresses and passwords for members" Gmail, Hotmail, Yahoo, and other accounts would turn up in the results of unrelated Google searches Monday if those searches happened to contain at least two keywords that matched the names of Splash members. Splash founder Larry Davis said in an interview that he was not aware of the security problem and did not know how it could have occurred. "We have a Webmaster who is supposed to know all about security," said Davis.
Splash"s servers are co-located at a Los Angeles Internet hosting company called Calpop. However, Calpop co-founder Lynn Hoover said his company simply rents floor space and bandwidth to Splash and is not involved with the maintenance or operation of its Web sites. Hoover theorizes that the information could have been inadvertently exposed to the Web if the Google search spider happened to be crawling Splash"s sites at a time when password-protected pages were open for editing or maintenance. Versions of the pages held in Google"s cache would then be publicly available. Understandably, some Splash members are now worried they"re going to get soaked by cybercriminals. It"s definitely an issue Splash will be dealing with for quite a while. If you"re a member, make sure to change your password before you go and write them an angry e-mail.
News source: InformationWeek