News

Website Password Vulnerability

Poisonenvy

Poisonenvy Poisonenvy

Alpha

Forum Fiend

I should have mentioned this before .. but I forgot! Firefox had an update a while ago which created a problem sometimes when logging into our website. It would come up with a message saying the site was not secure and that your password could potentially be stolen.

At the time I investigated this, and spoke to Support at Gamerlaunch (our website host) who stated the following:

Yes, all password are safe. All passwords are hashed and salted and never stored in plain text. The only way to access our servers is from our local network unless you have our VPN information. Your level of security has not changed in any way since our server migration. If you would like to login to a secure page you can use our home page https://www.gamerlaunch.com and then navigate to your site that way. We are aware of the bug that is logging customers out even after they click "keep me logged in". We should have a fix for that soon.

According to the development team custom domain sites have never had SSL secured log in fields. Only our sub-domain sites have. According to FireFox'z release notes from January 27th they did add a new notification regarding page security. From the notes "A warning is displayed when a login page does not have a secure connection" https://www.mozilla.org/en-US/firefox/51.0/releasenotes/

I would not say it's a high risk at all. There are essential three ways someone could steal your login information.

Phishing - sending you an email linking to a fake site that looks like the real thing. (there's nothing we could do to prevent this)
Cross-site scripting (XSS) - exploiting a vulnerability in a website to inject custom JavaScript code that would then try to steal your info. (this is certainly possible but not likely. For this to happen we would have to be hacked. All of our databases and servers are very secure and monitored 24/7)
Man-in-the-middle attack - listening to information flowing through an insecure data connection (like a malicious "free" wifi hotspot), potentially injecting malicious code into the visited websites.

If you have any other concerns or questions I would be happy answer them.

Basically I would recommend that, if you're concerned, you ensure your login details are unique to our website .. that way even if someone steals that information, it won't get them anywhere.