The team working on the Trapster app (that one that helps you speed and mark speed traps and crash into walls and etc,) have sent warning that their site has been compromised, and that indeed the emails and passwords of thousands of their users had been taken – taken for what, you may ask? Taken for some spam! A helpful Android Community tipster by the name of Pam has tipped us off to this terrible event, recounting for us exactly what happened to her and the email sent out by Trapster as warning to others.
First take a look at Pam’s account of her situation, including a bit of a logout of her Gmail account, a password change, and a spam attack attempt:
Yesterday, my Android phone was prompting me to sign into my gmail accout with the login error icon in the status bar. I had not tried to sign into my gmail since the day before but entered my password & it would not accept it. I had to wait until I was home later to sign into my laptop. My gmail account immediatley, directed me to change my password without giving me the option to keep my existing password-very odd. I changed my password & upon opening my email I notice that I have a, “Delivery to the following recipient failed permanently”…”I” allegedly, tried to email ALL my contacts with the following:
http:// zuxopati.110mb .com/ vecowibo.html
Sel lYou rCrea tiveM indO nli neOf course, I never tried to email all my contacts with anything, ever.
Then take a peek at the message she received via email from Trapster at 2:07 AM today (not sure what time zone) :
Dear Trapster User:
The Trapster team has recently learned that our website has been the
target of a hacking attempt, and it is possible that your email
address and password were compromised. We have taken, and continue to
take, preventative measures to avoid future incidents but we are
recommending that you change your Trapster password. As always,
Trapster recommends that you use distinctive passwords for each site
you visit, but if you use the same password on Trapster that you use
on other services, we recommend that you change your password on those
services as well.For information on how to reset your password or improve the security of your passwords for your Internet usage, please click FAQs.
Sincerely,
The Trapster Team
Of course, this same situation might not happen to you, as Pam does admit to having used the same password on her Trapster account as she did on her Gmail account:
I was stupid enough to create an account with the Trapster app in early 2009 using the same password as my gmail (I tried the app & didn’t bother to download it onto my 5 phones since-I worked for a wireless carrier.) I’ve never been phished or hijacked before; but, receiving this email from Trapster is too coincidental to my failed attempt email & gmail recquiring me to change my password. I’m sure it’s happened to other readers too.
But the fact of the matter remains the same – hide your accounts, hide your emails, hide your passwords, because they hacking everybody up in here.
— Thanks for the tip, Pam, we appreciate it a bunch!
Repeat after me, “KeePass” (or another alternative), there is no excuse for re-using passwords, especially your Google account.
“Hide accounts, hide your emails, hide your passwords, because they hacking everybody up in here.” — really? REALLY? LOL!
Password store din plaintext? How can people continue to be so stupid?
I’d recommend against using Trapster until they specifically say they are stopping that practice.
Agree, inexcusable that these passwords werent better encoded, especially when the app began to gain giant usership
Proof that the Trapster team was storing plaintext passwords in their database!
I had the same thing happen to me, but I don’t have a trapster account.
so this is the reason why some people logged onto my GMail. have happen maybe 3 or 4 times now, not necesarry by trapster itself but other apps