Fellow Boards Members,
Today, Thursday 21 Jan 2010 at 11:20 GMT the Boards.iedatabase was attacked by a source external to Ireland. This triggeredour security response policy and as a result we are sendingyou this warning email.
In this attack, part of the database which includes ourmembers usernames, email addresses and obfuscated passwords wasaccessed. While our investigations indicate that individualuser accounts are not in danger we have taken the step of changing alluser passwords.
We also recommend that if you used the same username/email andpassword on other sites that you change your password there too as aprecaution.
- This morning our database server was accessed by anunauthorised source.
- We discovered this intrusion and took the site offline.
- As a precaution We contacted the Gardaí, the DataProtection Commissioner and an independent security consultancy.
- We have followed the advice we have received on how toproceed.
- Like all large sites we are regularly the target fordisruption and take continual actions to proactively protect yourdata. This particular attack was completely unprecedenteddespite our rigorous security measures and while we have no idea ifthis data will be used for any malicious reasons, we felt it vital totell you this immediately.
What you need to know and do:
- If you use the same password on Boards as you do on otherservices, you should change it on those other services to be safe.Boards passwords are NOT stored in plain text, they are obscured withthe standard vBulletin “Hash”. While this provides strong protection,we have altered all passwords on Boards as a precaution and suggest youtake this time to allter other similar passwords.
- If you are a subscriber, please be assured, we do NOT storecredit card details or any payment details on our servers. Nothing ofthat nature is held on our site and as a result such data was notcompromised.
- We apologise for this inconvenience. We do not want to overstress the problem, however we felt the situation requires fulldisclosure.
We’ve naturally been getting a lot of questions about whatexactly has happened and what people can and should be doing. In an effort to help you out, here are some of the more commonquestions.Will I get a new passwordemailed to me?
- We won’t be emailing the new altered passwords topeople. When the site returns, you will have to request a newpassword at http://www.boards.ie/changepasswordI didn’t get the email yet.
- We’re hearing that some services are flagging the email asspam, so please check your spam or junk mail folders and see it it’sthere. The emails are being sent in reverse order of who wasmost recently active on the site. So, if you were on the sitewhen the attack happened, you’ll most likely have been in the first fewpeople to receive the email, but if you hadn’t been on the site in acouple of days, you’ll be closer to the end of the sent list.I don’t have access to theemail I signed up to Boards.ie with anymore, what can I do?
- Unfortunately, we may not be able to release accountinformation in these cases as we have no way of verifying ownership ofan account outside of your email address. We are working on asolution for this issue and will keep you updated.Do you know who attackedthe site?
- We can’t really get into the specifics just yet as there isan investigation underway.
Things to check out:
Boards.ie / Adverts.ie hacked – Look on the bright side at least the user database will be alot more accurate.