Hackers hit the NASDAQ community forum, email addresses and passwords compromised

NASDAQ forum hackThere is bad news if you are in the habit of discussing stocks on the NASDAQ community forum, because hackers have managed to break into the site, and could have compromised usernames, email addresses and passwords.

The only silver lining on the cloud is that trading and commerce platforms were not impatced by the hack.

Users of NASDAQ's community messageboards should have received an email from the site, warning users about the security breach and advising members to change their passwords on *other* websites if the same password was being used.

Email from NASDAQ

My guess is that the servers running the NASDAQ community messageboard software had not been properly configured or not kept updated against vulnerabilities, and this allowed hackers an open window to access sensitive information.

Of course, it's never a good idea to use the same password in multiple places. If you are reckless and use the same password on multiple websites then if *one* site suffers a serious security breach and hackers manage to get hold of passwords, then your accounts on *other* sites could be at risk too.

Worryingly, there is no mention of passwords being securely encrypted suggesting that the site could have been storing users' passwords in an insecure fashion up until now.

What also irks me is how NASDAQ is describing the issue on the (currently shut-down) community forum itself:

NASDAQ forum

We are currently upgrading the NASDAQ.COM Community site.

We apologize for the inconvenience.

Any member of the online NASDAQ community who has missed the email advisory, won't be any the wiser from that message that the site has been hacked, and their usernames, email addresses and passwords have been compromised.

Shouldn't the site be more upfront about the security breach, and offer - for instance - advice that if members were using the same passwords elsewhere on the net, that they should be changed as a matter of priority?

Wouldn't it be helpful to warn about the threat of phishing emails?

The simple "we're upgrading the site" message feels to me a little like an attempt to brush the issue under the carpet, in the hope that the very people who need to be warned there is an issue - the community's members - don't notice.

Although I'm obviously pleased that an email was sent out (hey! let's hope none of them were to an expired Yahoo address, eh?)

Consider me unimpressed by NASDAQ's handling of this.

Tags: , , ,

Subscribe to the free GCHQ newsletter

, , ,

Special offers & deals


  • PureVPN - 85% off!

    PureVPN - 85% off!

    Make sure your personal data and online activity aren't exposed. Encrypt your internet traffic and cover your tracks with PureVPN. Works with your PCs, Macs, iPhones, Androids, routers, gaming consoles, and Smart TVs. Connect up to 5 devices at once at top speeds.
  • Password Boss Premium Version - 86% off!

    Password Boss Premium Version - 86% off!

    All you need to do is remember one master password, and Password Boss will do the rest - remembering all of your different online passwords securely. Security and peace of mind.

More deals...

Leave a reply

2 Comments on "Hackers hit the NASDAQ community forum, email addresses and passwords compromised"

Notify of
avatar

Sort by:   newest | oldest | most voted
cypherpunk
Visitor
cypherpunk
July 18, 2013 8:59 am

Did they leak the hacked content on Pastebin or somewhere else ?

wpDiscuz