Netvibes module developer collects web credentials

“A French security blogger gained access to private user data on personal homepage service Netvibes last weekend, exposing stored usernames and passwords for popular integrated web services as well as user content loaded in the page. The blogger’s account has since been deleted from Blog*Spot (currently cached on Yahoo!), but he provided extended details to French blog Le blog de ¥€$ (English translation). Netvibes has since claimed to patch “a security vulnerability in webnotes” exploited by this developer. I alluded to some of these issues with stored user information, phishing, and general brand confusion in a post two months ago about the popularity of available widgets regardless of their makers.”

Full story here

See, you should be using 🙂


%d bloggers like this: