Many commercial venture websites are usign affiliate programs to encourage others to link to their website to gain referrals. This is also very true in the JoomlaSphere. In fact there are many Joomla related websites using an affiliate software to help them track referrals and pay the affiliates.

One such affiliate software program is called iDevaffiliate. This software is a very widely use program by many businesses. In fact we use iDevaffiliate for our own affiliate software on Joomla Showroom.

Keep reading to find out  what was recently discovered. 

A few days ago our good friend Victor Drover at Anything Digital discovered that the passwords and Social Security numbers were not being encrypted for the affiliates when they sign up for the affiliate accounts.

What does this mean? This means that any administrator to the affiliate software can log into iDevaffiliate and view your username and password. If you are using the same password for your listed website in your affiliate account, email etc then that administrator can go and look up all of your personal emails and access your websites. Or even worse, possibly other things like your bank account depending on how far they can get using your usernames and passwords. Heaven forbid that someone's affiliate program itself gets hacked by some bad guy that now has access to all of those usernames and passwords.

Victor and I had both emailed the iDevaffiliate developer and stated our concern with this oversight. We are very happy to say that the iDev developer was VERY quick to respond by providing us a patch to test that solves this oversight.

We are very impressed with the speed of this release  and we recommend iDevaffiliate for anyone that is looking to use an affiliate software on their website.

Here is their official announcement from iDevaffiliate:

A new system update has been released for iDevaffiliate.  This update will encrypt affiliate account passwords in the database as well as encrypt social security / VAT numbers in the database.   Although these measures will greatly decrease the likelihood of this data being compromised, we strongly suggest making sure you have properly secured your database server as well.  This update is included along with a couple other patches and can be found at the following URL.

http://www.idevsupport.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=21&nav=0

Please download the patch file and unzip it to your local hard drive.  There are two readme files.  One contains information about the patch.  The other contains instructions on how to perform the patch.  Updating your system with the latest patch shouldn’t take more than a couple minutes.

Requirements: You must be running iDevaffiliate 5.1 for this patch.  If you are running an older version, please upgrade to 5.1 before applying this patch.

 The Joomla Showroom affiliate software has been patched. Joomla Showroom respects our users right to privacy and we would never knowingly risk the information you have trusted us with to get into "bad people's hands".

Thank you for trusting Joomla Showroom