etoro Website Hacked

[Manav]

Hey guys do have a quick look at this article and let me know if etoro's website actually hacked?

eToro Vulnerable To Database Dump | zSecure: Web Security Consultancy Services

I just came across through with this article from some facebook community and was wondering how it is possible for a leading forex broker like etoro to get hacked. Waiting for your comments

 

[Pharaoh]

There's nothing quite like that feeling that all your personal financial details are safe and secure with your broker.

I'd recommend anyone with an account at eToro contact support and ask why this issue wasn't fixed as soon as zSecure reported it.

 

[kamal78]

So what the news on this subject? Is etoro safe to use ? I have a small account there.

 

[Pharaoh]

So what the news on this subject? Is etoro safe to use ? I have a small account there.

Contact eToro and ask them if they've fixed the issue or not. Post their reply here.

 

[kamal78]

Contact eToro and ask them if they've fixed the issue or not. Post their reply here.

I did , when i've asked about database dump vulnerability support response was "What is that? I never heard of such thing" . They deny everything , even that the company zSecure have contacted them about this.

 

[PortFPA]

Hi Guys,

The short answer is no. There's no cause for alarm

The database that is shown in the screen caps of the site mentioned above, relates to the old version of our blog which is not active anymore. In addition, the blog (old OR new) contains only content and is NOT hosted on the same servers as our trader accounts. Thus, there is no security risk to traders and their financial transactions. Hope this helps!

Laura, eToro Social Team

 

[Manav]

Hi Guys,

The short answer is no. There's no cause for alarm

The database that is shown in the screen caps of the site mentioned above, relates to the old version of our blog which is not active anymore. In addition, the blog (old OR new) contains only content and is NOT hosted on the same servers as our trader accounts. Thus, there is no security risk to traders and their financial transactions. Hope this helps!

Laura, eToro Social Team

Laura! From your comment one thing is clear that eToro's security got breach even the screen-shots relates to your old blog but still the fact remains they have got access to your database. How can you make sure they didn't get acess to your main database containing user info?
I am very curios to know that. Thanks

 

[kamal78]

I would also like to add that if you search "etoro vulnerable to database dumb" on google you will get many results. These news have spread to various hacker websites , including one related to the infamous Anonymous team. Showing that you are somehow weak to hackers and getting attention from these groups is certainly not a success. How is eToro going to react ? Are you ready for possible attacks?

 

[Simon Edwards]

Hi Guys,

The short answer is no. There's no cause for alarm

The database that is shown in the screen caps of the site mentioned above, relates to the old version of our blog which is not active anymore. In addition, the blog (old OR new) contains only content and is NOT hosted on the same servers as our trader accounts. Thus, there is no security risk to traders and their financial transactions. Hope this helps!

Laura, eToro Social Team

Sorry but you are completely wrong. The security risk to traders is at a ridiculous level.

I liked the look of the etoro platform and was about to put some money in until i tried out a very simple and basic test. IT FAILED.


The clients Account details etc are of paramount importance, everything should be done to keep them secure.

I used the request password feature to reset my password , what should have happened was i was after passing some security checks i would be sent to a link to reset my password or sent a system generated password to log in.

The email i received contained THE ACTUAL PASSWORD i CREATED


What this means is you are storing User Details with out encryption! If you can not get this simple and basic thing right what else are you being negligent on??????


This needs to be fixed now.

So the Short answer is YES. THERE IS EVER NEED FOR ALARM. ALL CLIENT DETAILS ARE NOT ENCRYPTED AND STORED AS CLEAR TEXT

 

[kamal78]

Sorry but you are completely wrong. The security risk to traders is at a ridiculous level.


So the Short answer is YES. THERE IS EVER NEED FOR ALARM. ALL CLIENT DETAILS ARE NOT ENCRYPTED AND STORED AS CLEAR TEXT

Have you contacted them about this issue? And if yes what was their answer? This seems very bad as well.