Comments on: How Does Netvibes Store Our Email Passwords?

By: slacker

slacker — Fri, 29 Mar 2013 05:43:46 +0000

Just signed up for netvibe using my Hotmail account.
two days later someone is sending spam from my Hotmail account.
Never had my Hotmail account hacked before.
Oh please bring back google reader.

By: bw

bw — Mon, 03 Dec 2012 10:09:24 +0000

When using Fiddler to inspect the dataflow from my browser I also observed the following:

* regarding the popmail widget: the message subject information is NOT ENCRYPTED when it comes back from the Netvibes server. Anyone can read the subjects of your mail.
* even more scary: when logging in into Netvibes your Netvibes username and password are NOT encrypted before sending to Netvibes. After someone has sniffed your username/password at the internet he can use all your accounts (mail, google etc) without knowing your password.

Be aware!

By: frank

frank — Sun, 12 Aug 2012 01:06:20 +0000

vince,

Change all of your passwords immediately!

By: vincentweb

vincentweb — Tue, 05 Apr 2011 01:49:20 +0000

is this serious? i’m just start using this netvibes and i have all my social networking in netvibes, FB, Gmail, Hotmail, Yahoo, Twiiter and many more…i almost expose all my password to netvibes. pls tell me its ok else i’m going to delete the widget away frm my acc.

By: HeBu

HeBu — Thu, 03 Jun 2010 08:33:35 +0000

I really don’t think Netvibes abuses or gives away passwords of their users. But there were some recent Hotmail account hijacks by spammers (about half a year ago) and maybe you used the same passwords for Gmail?

But to be sure to leave Netvibes in a clean status: I entered some fake account data (username and password) in my mail and twitter widgets, before deleting them. So I hope, my logins were overwritten with nonsens data in the Netvibes database.

By: HeBu

HeBu — Thu, 03 Jun 2010 08:26:47 +0000

At least for Twitter it would be a more secure way to connect. For mail accounts it would be nice to have the option to enter the password once per session, so it would not be stored in the database, only client-side.

By: Jb

Jb — Thu, 03 Jun 2010 03:52:43 +0000

So I am an idiot and gave my passwords to Netvibes for gmail and my msnlive id and now BOTH my email accounts have been hacked to send spam. I’m currently locked out of he msn account – someone or something has changed my password and I can’t get in. DON’T Do It!

By: Matt

Matt — Thu, 22 Apr 2010 20:11:09 +0000

OAuth *would* be more secure, in that nobody sees your password and you can easily revoke access, but there’s one problem: how many email providers offer OAuth authentication? (I don’t even know if the POP/IMAP protocols would support it…)

By: HeBu

HeBu — Thu, 22 Apr 2010 11:03:58 +0000

I contacted Netvibes on this and they told me, that the passwords of the Twitter & mail widgets are stored with a two-way encryption, with “only” three Netvibes workers knowing the key to it.

In fact a bit scary. Wouldn’t it be much more secure, if they used OAuth?

Does anyone know something about how PageFlakes does the storing of the login data?

By: Matt

Matt — Tue, 18 Dec 2007 17:45:10 +0000

That’s what I thought. Scary, isn’t it?

Thanks for the well written comment.