Hi Everyone,

Just now i was reading an interesting article and thought of sharing with fellow members of myfxbook. This article explains that one of the 4XP web site has got some serious loopholes which can be exploited by any hacker to steal any information about the company from their database. The one thing which deserves attention is the article presents some informative facts from the database to prove the claim of the loophole. From the screenshots attached we can see some confidential information from the database, even though the author of the article made hidden few portion of the screenshot which believes to be 4XP customer's personal identification including mobile no, credit card details etc.

The biggest surprise & funniest part which i came across about this broker, i was browsing a private forum where i first saw the discussion about this broker & from their only i came to know about this article. One member in that forum was claiming that:

'He is the customer of 4Xp & tried contacting their account manager about this hack issue. His account manager simply replied him that they have got confirmation from their IT Security Team that this is not true because the 4XP is a big company has got many officies & a big company's website can't be hacked. Those screenshots doesn't make any sense and is false. The website displaying the article is a setup by another forex broker who is jealous of 4Xp compoany. So, he should not be worried about this issue.'

Isn't it funny? 4XP company doesn't seems to be bothered about the security of their client's information & they are taking it litely and ignoring the worst which may knock their door at any time.

Now here comes my questions for 4XP:

1. Does it make any link between the size of the company & their web security. If they believes they have got 4-5 offices & are so big that their website can't have any security issue then they should learn something from the recent 'SONY PLAYSTATION NETWORK HACK' where 24.6 million user account information were stolen. Do 4XP think they have got the big customer base then Sony?

2. I had a close look of the screenshots posted by the author of the article and didn't see any suspcious thing in that. The screenshot clearly shows some crucial insider information from the database. Which itself confirms there must be some security loophole in their website otherwise how is it possible to capture the database information. If they think this is false, then i request can you please give me some insider database information from Google?

3. The article says the 4XP company is tring to fix this issue since 12-Jul-2012 and as on 04-Aug-2012 the loophole is still active. I have got only one thing to ask: Does their IT security team consist of some school childrens or they don't bother to fix this issue or might be there's another big scam yet to come?

My suggestion to 4XP: grow up guys, this is not a childplay. You are dealing with customer's real financial information and you must show some respect to protect the privacy of your customers. If you fails to do so then you doesn't deserve even 1% vote to be a
good broker.

Guys, what's your opinion on this? Do you think this broker deserves to be a Top Broker as claimed by many independent review siets?



Article Source:
http://www.zsecure.net/blog/vulnerabilities/4xp-sql-injection-vulnerability.html

Funniest party which i recently came across in one of the forum site. One of the 4XP senior manager named 'Jayden Hamilton' try to persuade others that their site is not hacked by saying the information reached by hacker is uselss content and does not include any of your personal information. [See the screenshot of his reply]

In his response itself he confirmed that their database is breached because he itself found saying 'the information reached by hacker is uselss contest .....' this proves the first point 'Their Database Was Hacked'.

Since they are saying the information reached by hacker is useless content and doesn not include any personal information but the screenshots clearly displaying the confidential information i.e. credit card transaction details, customers username & password, residential address, mobile/fax numbers etc.

As per them, if these are not personal information then i would like to ask them 'according to them what constitute a personal information'?

dave90 posted:
Even if they got hacked they should announce it to avoid panicking for their clients
And they try to fox what happen


Agree. This is what i call professionalism. Even when the biggies like Google, Yahoo, Microsoft etc can be hacked then this small incidence is nothing. The point that makes a difference is, A geniune company accept their faults & try to rectify it but scam company like 4XP trying to cover their face & misleading their customers by replying they can't be hacked & all nonsense which could create disaster for them in future.

Do anyone think in today's digital world any system is 100% secure or any company can claim they are 100% hack proof? If anyone is saying, then they must be kidding

dave90 posted:
Now we are on same track but forex firms not like google they afraid from clients to run away


True, they can lie provided they take immediate action to avoid any further possible attacks. But in this case, their loophole is still open (as claimed by the author of the article). This is just a perfect example of complete negligence by the said broker