Serious iDevAffiliate Security Hole

This is a worrying security update that affects the Joomla world.

Up until now iDevAffiliate – the system used by almost every Joomla affiliate program – has stored passwords and Social Security numbers UNENCRYPTED in the database.

That means if you join an iDevAffiliate program, the owner can go along and view your password, whether it’s “12345”, “password” or something more personal. From there they can go back to your site, see other iDev programs that you’re using and try to log in to those, pretending to be you. If you’re dumb enough to use the same login for your email also …

What’s the Solution?

They released a patch today to fix it, but it’s unlikely most will upgrade quickly.

It’s worth going to all iDevAffiliate sites you’ve joined and making sure you have a unique login for each, and it’s absolutely vital that you make sure your Social Security number is erased.

Thanks to Vic from Anything Digital for actively pushing an initially reluctant iDevAffiliate to fix this issue.

