Important notice for anyone who has a BOARDS.IE account
Posted: Fri Jan 22, 2010 12:54 pm
Some of you may have signed up to boards.ie. If your username and password is shared with other forum accounts then you should change the password on your other accounts.
boards.ie wrote:Fellow Boards Members,
Today, Thursday 21 Jan 2010 at 11:20 GMT the Boards.ie database was attacked by a source external to Ireland. This triggered our security response policy and as a result we are sending you this warning email.
In this attack, part of the database which includes our members usernames, email addresses and obfuscated passwords was accessed. While our investigations indicate that individual user accounts are not in danger we have taken the step of changing all user passwords.
We also recommend that if you used the same username/email and password on other sites that you change your password there too as a precaution.
What happened:
* This morning our database server was accessed by an unauthorised source.
* We discovered this intrusion and took the site offline.
* As a precaution We contacted the GardaĆ, the Data Protection Commissioner and an independent security consultancy.
* We have followed the advice we have received on how to proceed.
* Like all large sites we are regularly the target for disruption and take continual actions to proactively protect your data. This particular attack was completely unprecedented despite our rigorous security measures and while we have no idea if this data will be used for any malicious reasons, we felt it vital to tell you this immediately.
What you need to know and do:
* If you use the same password on Boards as you do on other services, you should change it on those other services to be safe. Boards passwords are NOT stored in plain text, they are obscured with the standard vBulletin "Hash". While this provides strong protection, we have altered all passwords on Boards as a precaution and suggest you take this time to allter other similar passwords.
* If you are a subscriber, please be assured, we do NOT store credit card details or any payment details on our servers. Nothing of that nature is held on our site and as a result such data was not compromised.
* We apologise for this inconvenience. We do not want to over stress the problem, however we felt the situation requires full disclosure.
Tom Murphy.
Update:
We've naturally been getting a lot of questions about what exactly has happened and what people can and should be doing. In an effort to help you out, here are some of the more common questions.
Will I get a new password emailed to me?
* We won't be emailing the new altered passwords to people. When the site returns, you will have to request a new password at http://www.boards.ie/changepassword
I didn't get the email yet.
* We're hearing that some services are flagging the email as spam, so please check your spam or junk mail folders and see it it's there. The emails are being sent in reverse order of who was most recently active on the site. So, if you were on the site when the attack happened, you'll most likely have been in the first few people to receive the email, but if you hadn't been on the site in a couple of days, you'll be closer to the end of the sent list.
I don't have access to the email I signed up to Boards.ie with anymore, what can I do?
* Unfortunately, we may not be able to release account information in these cases as we have no way of verifying ownership of an account outside of your email address. We are working on a solution for this issue and will keep you updated.
Do you know who attacked the site?
* We can't really get into the specifics just yet as there is an investigation underway.