Dating Sites Reviews Forums

POF Account Hacked



joe
Anonymous
Can't figure why anyone would want to hack into POF account.. weird
what do they hope to gain, a small amount of money?

Mark Right At
Anonymous
As a tech expert in this field, I can tell you that PoF is notoriously insecure. Historically PoF used to email users their password every day along with their matches. The mere fact the password was stored on the database in plain text was shocking, but emailing the password to users every day is horrendous.

A few years ago they were hit by a huge SQL injection attack, which is a very trivial thing to pull off (and trivial to prevent, if you care about security for your users). I suspect such incidents are still open to happen, as there are odd tell-tale signs of poor character escaping and poor synchronisation between client and server. Like how quotation marks duplicate every time you update your profile (likely a dodgy regex trying to replace the ' but duplicating it instead). Or how your display name is allowed to be 120 chars but only 100 ever get displayed. These are typically signs of poorly maintained code.

I remember having a look at their client-side code a few years ago and I was absolutely gobsmacked. The validation on the client side was comprised of about 500 'if' statements looking for certain strings that had clearly been used to spam the site. Like "if name == 'fake'" "if name == 'aa'" "if name == 'aaa'" etc.

I heard that the original developer made the site as a learning experience. But I had hoped Match would've improved security since taking charge of it - let's hope they have done.
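The quote-duplication symptom described in the post above, reproduced as an added example (not part of the original thread and not PoF's code): hand-rolled escaping stacked on top of a bound parameter stores the doubled quote literally, so each edit-and-save cycle doubles it again. The `profile` table, the function names and the sample text are assumptions made for illustration.

```python
import sqlite3


def open_db():
    """In-memory database with one constructed profile row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profile (id INTEGER PRIMARY KEY, about TEXT)")
    db.execute("INSERT INTO profile (id, about) VALUES (1, '')")
    return db


def save_flawed(db, about):
    # Flaw: manual quote-doubling is meant for building SQL strings by hand.
    # Applied to a value that is also bound as a parameter, the extra quote
    # becomes part of the stored data.
    escaped = about.replace("'", "''")
    db.execute("UPDATE profile SET about = ? WHERE id = 1", (escaped,))


def save_fixed(db, about):
    # Fix: bind the raw value and let the driver keep data separate from SQL.
    # No manual escaping, so the text round-trips unchanged and cannot alter
    # the statement.
    db.execute("UPDATE profile SET about = ? WHERE id = 1", (about,))


def load(db):
    return db.execute("SELECT about FROM profile WHERE id = 1").fetchone()[0]


def edit_cycles(save, text, n):
    """Simulate a user saving their profile, then reopening and re-saving it,
    for n saves in total. Returns what is stored at the end."""
    db = open_db()
    save(db, text)
    for _ in range(n - 1):
        save(db, load(db))  # the edit form is pre-filled with the stored value
    return load(db)


if __name__ == "__main__":
    sample = "it's a nice day"  # constructed sample profile text
    print("flawed:", edit_cycles(save_flawed, sample, 3))
    print("fixed: ", edit_cycles(save_fixed, sample, 3))
```
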

Mark Right At
Anonymous
Quote by: Anonymous

PoF is notoriously insecure..


This should say *was* notoriously, as I can't comment on the current state of the site's security or code quality. I'm sure much has changed and hopefully things are much better now... I'm sure any more recent account breach issues in this thread are isolated cases rather than an issue with the site's overall security.

Status: offline
Forum User
Newbie
Registered: 2023/02/08
Posts: 2
I just got an email right now

I think it is an error on PoF's part because I use a 30-character secure password like this thanks to Bitwarden

gcwav*uz%f5smT4tts%n@pqNGL#S%6

The email is unique and only used on PoF thanks to Simplelogin

I am also on point with my cybersecurity

Status: offline
Forum User
Newbie
Registered: 2023/02/08
Posts: 2
Quote by: Status

I just got an email right now

I think it is an error on PoF's part because I use a 30-character secure password like this thanks to Bitwarden

gcwav*uz%f5smT4tts%n@pqNGL#S%6

The email is unique and only used on PoF thanks to Simplelogin

I am also on point with my cybersecurity



The email I got was account frozen for suspicious activity

I reset the password and nothing on my account looked off/changed

sid
Anonymous
pootins hackers at work for sure
