boards.ie hacked!

http://www.boards.ie/vbulletin/private.php

We are undergoing maintenance

Fellow Boards Members,

Today, Thursday 21 Jan 2009 at 11:20 GMT the Boards.ie database was attacked by a source external to Ireland. This triggered our security response policy and as a result we are sending you this warning email.

In this attack, part of the database which includes our members usernames, email addresses and obfuscated passwords was accessed. While our investigations indicate that individual user accounts are not in danger we have taken the step of changing all user passwords.

We also recommend that if you used the same username/email and password on other sites that you change your password there too as a precaution.

What happened:

* This morning our database server was accessed by an unauthorised source.
* We discovered this intrusion and took the site offline.
* As a precaution We contacted the Gardaí, the Data Protection Commissioner and an independent security consultancy.
* We have followed the advice we have received on how to proceed.
* Like all large sites we are regularly the target for disruption and take continual actions to proactively protect your data. This particular attack was completely unprecedented despite our rigorous security measures and while we have no idea if this data will be used for any malicious reasons, we felt it vital to tell you this immediately.

What you need to know and do:

* If you use the same password on Boards as you do on other services, you should change it on those other services to be safe. Boards passwords are NOT stored in plain text, they are obscured with the standard vBulletin “Hash”. While this provides strong protection, we have altered all passwords on Boards as a precaution and suggest you take this time to allter other similar passwords.
* If you are a subscriber, please be assured, we do NOT store credit card details or any payment details on our servers. Nothing of that nature is held on our site and as a result such data was not compromised.
* We apologise for this inconvenience. We do not want to over stress the problem, however we felt the situation requires full disclosure.

Tom Murphy.

I am so glad that the password that I use for my boards account is not used for anything else, I am a but concerned re the email address but time will tell.
All of the sites and domains which boards ltd own are down and may remain so while they figure out what happened.

The timing it seems was pretty awful with some of the threads which were on going and hot topics on the site in the helpdesk forum and feedback forums. While this enforced time out mean that people will have cooler heads going back or result in them feeling that well I managed with out the site for an extended amount of time and detach from it?

As ever we live in intresting times and it will be interesting to see what the impact down time and breach in security will lead to, and who will profit by it, if anyone.

Leave a Reply