Adognet 1997
Before data breaches became routine headlines, a little-known hosting flaw exposed passwords—prompting swift action and warnings from aDogNet founder Cris Alarcon.
A 2000 MindSpring server flaw exposed passwords on fewer than 100 sites. El Dorado County publisher Cris Alarcon recalls the early cybersecurity lesson.
PLACERVILLE, Calif. — In October 2000, a security vulnerability on MindSpring’s hosting servers briefly exposed password files for dozens of customer websites, an incident now remembered as an early warning of the cybersecurity risks that would later dominate the internet age.
The flaw stemmed from a bug in a third-party e-commerce application known as Web Store. According to contemporaneous accounts, the vulnerability allowed any website hosted on the same MindSpring server to view and download password files belonging to neighboring sites. The exposure was limited to Sun Solaris servers and affected fewer than 100 customer accounts, including the online pet supply retailer aDogNet.com.
MindSpring, which was owned by EarthLink at the time, said the compromised servers did not store sensitive customer data such as credit card numbers. However, so-called “low-level” passwords—used for site administration and access—were accessible to anyone who knew where to look, raising concerns about unauthorized access and misuse.
The company corrected the server configurations on Oct. 18, 2000, and notified affected customers, urging them to change their passwords and avoid dictionary-based credentials. “We moved quickly to close the hole and advised users to strengthen their passwords,” a MindSpring spokesperson said at the time.
Among those directly involved in identifying the scope of the problem was Cris Alarcon, then founder of aDogNet.com and now the owner and operator of El Dorado County-focused news sites InEDC.com and NewsMolo.com. After learning of the software bug, Alarcon said his staff created a custom patch to secure their own site before an official fix was widely deployed.
Alarcon also investigated how widespread the issue might be, discovering through web searches that roughly 2,500 companies were using the same Web Store software. He estimated that as many as half had not yet downloaded a patch, leaving them potentially vulnerable. “The most disturbing part was how easily any site on the same server could read about the flaw and use it to harvest passwords from its neighbors,” Alarcon said.
While aDogNet.com avoided financial exposure by not storing credit card numbers or high-level customer data on the affected servers, the incident underscored a broader lesson that still resonates today: shared hosting environments can amplify risk when a single application flaw goes unchecked.
For El Dorado County readers, Alarcon’s experience offers a local connection to a formative moment in internet security—one that predates modern breach notifications but helped shape today’s emphasis on rapid patching, least-privilege access, and transparent disclosure.
In a Computerworld article from October 23, 2000, Cris Alarcon was identified as the information technology administrator for A Dog Owner’s Network (aDogNet.com). Read the full article at Computerworld.
About Post Author
