Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 22nd, 2010 Database Breached, Admins Reset Passwords For All Members, the most popular forum in Ireland with millions of unique visitors each month, suffered a serious security breach yesterday. As a precaution, the website was taken offline and a password reset was triggered for all registered users.

“Today, Thursday 21 Jan 2010 at 11:20 GMT the database was attacked by a source external to Ireland. […] In this attack, part of the database which includes our members’ usernames, email addresses and obfuscated passwords was accessed. While our investigations indicate that individual user accounts are not in danger we have taken the step of changing all user passwords,” an official announcement reads.

The website administration has been remarkably opened about this incident and seems to treat it very responsibly. It immediately contacted the Gardai (Irish National Police) and the Data Protection Commissioner. No details regarding the specific attack method or origin have been released, as the investigation is in progress.

An independent security consultancy company has also been asked to advise regarding incident response procedure. “Like all large sites we are regularly the target for disruption and take continual actions to proactively protect your data. This particular attack was completely unprecedented despite our rigorous security measures and while we have no idea if this data will be used for any malicious reasons, we felt it vital to tell you this immediately,” the admins write.

The community website is built using the widely popular vBulletin forum software. Because of the security features implemented on the platform, user passwords were not stored in plain text inside the database. Even so, a decision to have them reset was taken as a precaution.

When the site will be restored, users will have to request new passwords manually. In order to prove their identity, they are required to have access to the e-mail address associated with the account. Admins are still working on an alternative method for cases where users can no longer access the e-mail that was used to register their account with.

The origins of the forum date back to 1998, but the site has existed under the current name since 2000. It has over 220,000 registered members who communicate with each other on a variety of topics that touch on all aspects of life.

Credit: News

Share this item with others:

More on CyberInsecure:
  • PlentyOfFish Resets User Passwords After Registration Details Theft
  • DivShare Online Storage Breached, Basic Members Data Accessed By Hacker
  • Several SourceForge Servers Breached, All Passwords Are Being Reset
  • Chinese Spammers Target US And UK Firms, 40000 RIBA Members Warned
  • Critical Password-Reset Forgery Vulnerability In Joomla

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Database Breached, Admins Reset Passwords For All Members

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.