On the back of yesterday’s discovery of more than 400,000 plaintext login credentials from Yahoo Voices, some 35,000 plaintext user details from Australian apparel maker Billabong’s website have reportedly surfaced online.
An anonymous posting at CodePaste.net has claimed that up to 35,000 credentials from the cult surf and beach apparel maker’s website had been grabbed. Though Ars Technica was unable to locate more than 1,435 of them on the forum, that is not to say that they weren’t published elsewhere or have not leaked out.
The incident is likely to raise further concerns over the store of user data, particularly if Billabong, like Yahoo, has failed to apply any level of encryption to the data, making it easier for third parties to access information that could be used for further online attacks and crimes.
With many sites using email addresses for log-in names, leaks such as this can put other Web services and email accounts at risk if users replicate their passwords across a range of websites and for other products and services.
Earlier this week, social question and answer site Formspring was struck by unauthorised access, although once-hot service disabled all users passwords and reached out to its users to encourage them to reset their access credentials. That’s something that Yahoo failed to do initially, and Billabong is yet to carry out.
Given the spree of hack-related stories, any Web companies that hold unencrypted user data should most definitely rectify that situation right away.
We’ve contacted Billabong to ascertain further details of the alleged breach.
Image via Flickr / Karola