phpBB2 Refugees Camp Leader
Joined: 24 Jul 2008
Posts: 90 Location: I Live Here
|
Posted: Wed Feb 04, 2009 10:47 am Post subject: Password concerns - phpbb.com compromised |
|
|
I don't think this is new news to anybody but phpbb.com has been offline for quite some time due to a successful hack of the phplist software. Note that it was not the phpBB software that was the entry point for the attack. This situation reinforces the idea that if you run your own server you have to secure all points of entry.
As a result of the hack the phpBB.com user database has been compromised. This means that email addresses used to register on that site are out in the wild now, and you may expect to receive spam on those accounts. If you have the opportunity to change your email address it might be a good idea. This also means that the hashed passwords have also been released. If you use the same password on more than one site (which in our opinion is never a good idea anyway) it's time to change them. If you have logged in at least once on phpbb.com since the conversion to phpBB3 then your password has been rehashed with the newer more secure algorithm. However, if you have never logged on to phpbb.com since the conversion then your password is still stored using the weaker md5 hashing process.
If you use the same username and email address and password to register here, we strongly encourage you to change at least your password. If you do change your email address remember that you will have to reactivate your account. Thanks. _________________ Long Live phpBB2 |
|