UPDATE – 6,700 leaked email addresses and passwords came from defunct shopping site

9 Jul 2012

The 6,700 leaked email addresses and passwords containing details of workers at organisations like HSE, AIB, and Enterprise Ireland, as well as many users’ Gmail and Hotmail addresses and passwords, came from a shopping website that went out of business but hadn’t been shut down properly.

Earlier today, Siliconrepublic.com reported how the 6,700 email addresses and passwords were published on a hacker forum.

Tom O’Connor, proprietor of hosting provider Databackup.ie, discovered the list. O’Connor has since confirmed he has brought the matter to the attention of the gardaí and a superintendent has since been in touch with him.

Old server still connected to web

Sources in the hacker community have pointed out that the list is not the work of a hacker or an insider in the telecoms industry, as O’Connor had originally thought, but instead came from an Irish shopping site that went out of business four years ago but whose web development partners hadn’t properly shut down the test server.

Neither organisation can be named at this point. A garda investigation is likely.

Neither the former website owners or its development partners were aware that the information had fallen into the hands of hackers or indeed that the site was still live. When contacted by Siliconrepublic.com, they were duly alarmed.

While many of the email addresses provided by users to the website were actual work email addresses, some IT administrators have been in touch to point out that users gave personal passwords to the site rather than login codes for their work addresses.

While no major damage may be caused, it is nevertheless a salutary lesson to business owners of the importance of protecting consumers’ information online and properly disposing of data that is no longer in use.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years