Once we detected this issue, we immediately contacted iDevAffiliate through their standard customer support channels, and I am thrilled to announce that a patch is already written, tested and ready for public consumption after just 3 days. Jim Webster, the author of iDevAffiliate, sent me this announcement:
A new system update has been released for iDevAffiliate. This update will encrypt affiliate account passwords in the database as well as encrypt social security / VAT numbers in the database. Although these measures will greatly decrease the likelihood of this data being compromised, we strongly suggest making sure you have properly secured your database server as well. This update is included along with a couple other patches and can be found at the following URL:
Please download the patch file and unzip it to your local hard drive. There are two readme files. One contains information about the patch. The other contains instructions on how to perform the patch. Updating your system with the latest patch shouldn’t take more than a couple minutes. Requirements: You must be running iDevAffiliate 5.1 for this patch. If you are running an older version, please upgrade to 5.1 before applying this patch.
To protect your sensitive information when signing up for affiliates (or any web service for that matter), follow these tips:
- Do some research about the affiliate system or web service to determine how they store sensitive information like passwords and SSN/VAT. For example, Joomla 1.0.13+ and Joomla 1.5 use 'SALT+MD5' hashing to protect passwords (previous Joomla versions used MD5 hashing only).
- If you are unable to determine if your sensitive information is properly protected by the service provider in question, consider using a unique password for each site/service. A password manager like KeePass is helpful to manage these passwords.
- Finally, tax information is often optional with affiliate programs, so don't supply that information unless absolutely necessary.
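To make the difference between 'MD5 only' and 'SALT+MD5' storage concrete, here is an added example (not code from Joomla or iDevAffiliate) that stores the same passwords both ways and shows which accounts end up sharing a stored value. The `md5(password + salt):salt` layout, the function names and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets

HEX32 = re.compile(r"[0-9a-f]{32}")

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def store_unsalted(password):
    """'MD5 only': the same password always yields the same stored value."""
    return md5_hex(password)

def store_salted(password, salt=""):
    """Assumed layout 'md5(password + salt):salt' with a random per-user salt."""
    salt = salt or secrets.token_hex(16)
    return md5_hex(password + salt) + ":" + salt

def verify(password, stored):
    """Check a candidate against either layout (no ':' means an empty salt)."""
    digest, _, salt = stored.partition(":")
    return hmac.compare_digest(md5_hex(password + salt).encode(), digest.encode())

def classify(stored):
    """Guess the storage scheme from the shape of one stored value."""
    digest, sep, salt = stored.partition(":")
    if HEX32.fullmatch(stored):
        return "md5-unsalted"
    if sep and salt and HEX32.fullmatch(digest):
        return "md5-salted"
    return "plaintext-or-other"

def shared_values(rows):
    """Map each stored value used by more than one account to those accounts."""
    groups = {}
    for user, stored in rows:
        groups.setdefault(stored, []).append(user)
    return {value: users for value, users in groups.items() if len(users) > 1}

# Constructed sample data: alice and bob happen to pick the same password.
PASSWORDS = [("alice", "letmein"), ("bob", "letmein"), ("carol", "S3parate!")]
UNSALTED_ROWS = [(user, store_unsalted(pw)) for user, pw in PASSWORDS]
SALTED_ROWS = [(user, store_salted(pw)) for user, pw in PASSWORDS]

if __name__ == "__main__":
    print("unsalted, shared:", shared_values(UNSALTED_ROWS))
    print("salted, shared:  ", shared_values(SALTED_ROWS))
    print({user: classify(stored) for user, stored in SALTED_ROWS})
```

A per-user salt stops identical passwords from sharing a stored value, but MD5 is still fast to guess against, so a deliberately slow password-hashing function such as bcrypt is the stronger choice.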