The Irish Mitsubishi FTO Owners Club

boards.ie wrote:Fellow Boards Members,

Today, Thursday 21 Jan 2010 at 11:20 GMT the Boards.ie database was attacked by a source external to Ireland. This triggered our security response policy and as a result we are sending you this warning email.

In this attack, part of the database which includes our members usernames, email addresses and obfuscated passwords was accessed. While our investigations indicate that individual user accounts are not in danger we have taken the step of changing all user passwords.

We also recommend that if you used the same username/email and password on other sites that you change your password there too as a precaution.

What happened:

* This morning our database server was accessed by an unauthorised source.
* We discovered this intrusion and took the site offline.
* As a precaution We contacted the Gardaí, the Data Protection Commissioner and an independent security consultancy.
* We have followed the advice we have received on how to proceed.
* Like all large sites we are regularly the target for disruption and take continual actions to proactively protect your data. This particular attack was completely unprecedented despite our rigorous security measures and while we have no idea if this data will be used for any malicious reasons, we felt it vital to tell you this immediately.

What you need to know and do:

* If you use the same password on Boards as you do on other services, you should change it on those other services to be safe. Boards passwords are NOT stored in plain text, they are obscured with the standard vBulletin "Hash". While this provides strong protection, we have altered all passwords on Boards as a precaution and suggest you take this time to allter other similar passwords.
* If you are a subscriber, please be assured, we do NOT store credit card details or any payment details on our servers. Nothing of that nature is held on our site and as a result such data was not compromised.
* We apologise for this inconvenience. We do not want to over stress the problem, however we felt the situation requires full disclosure.

Tom Murphy.

Update:

We've naturally been getting a lot of questions about what exactly has happened and what people can and should be doing. In an effort to help you out, here are some of the more common questions.
Will I get a new password emailed to me?

* We won't be emailing the new altered passwords to people. When the site returns, you will have to request a new password at http://www.boards.ie/changepassword

I didn't get the email yet.

* We're hearing that some services are flagging the email as spam, so please check your spam or junk mail folders and see it it's there. The emails are being sent in reverse order of who was most recently active on the site. So, if you were on the site when the attack happened, you'll most likely have been in the first few people to receive the email, but if you hadn't been on the site in a couple of days, you'll be closer to the end of the sent list.

I don't have access to the email I signed up to Boards.ie with anymore, what can I do?

* Unfortunately, we may not be able to release account information in these cases as we have no way of verifying ownership of an account outside of your email address. We are working on a solution for this issue and will keep you updated.

Do you know who attacked the site?

* We can't really get into the specifics just yet as there is an investigation underway.

boards.ie wrote:Site update, Friday 22 Jan 2010, 11:40am

Hello all, thank you for your patience. We are currently bringing the site back online.

Please note, you will *NOT* be emailed a new password before the site is live.

When the site is live, you will see a link to change your password. You will be asked to enter your email address.

When you have done this, you will be sent an email from no-reply@boards.ie with a link to change your password and have a new one emailed to you. Your Boards.ie username will be included in this email.

If you no longer have access to the email address you signed up with, we are working on a way for you to verify your account with us - please bear wth us, we'll keep you updated on this.

We will announce when the site is live from our twitter account at http://www.twitter.com/boards_ie.

Please be patient when requesting your new password - our automated system may be under pressure.

All threads, posts, Private Messages and adverts on adverts.ie will still be intact.

If you have any queries, drop us a line to hello@boards.ie.

Thank you!