BlueGartr - Change your password.

[Fodder]

Regarding forum password security It has come to our attention today (9/9/ 08, that the PHPbb databases were accessed in an unauthorized fashion. We have confirmed that when we were PHPbb2 that the database was definitely compromised. When we split from theorderls.com we upgraded to PHPbb3 which we are not definite on whether it was compromised or not. When we switched to VB, all users were required to change their password, an entirely new database, using VB encryption, was created. After researching various exploits, we have discovered that regardless of forum access, if they knew what they were doing, they could hack it. This is a fault in the PHPbb coding. VB are encrypted in an entirely different method, the difference in coding and considerably more frequent updates leave it less likely to be compromised and significantly more secure. However, we are not invincible, there will always be people out there who can find exploits. The best we can do for you is tell you that your forum password should never be the same as any of your other passwords. We want to reiterate this fact now, in light of the circumstances we have discovered today.

I hope no one was dumb enough to PM their acct info on BG, or here for that matter. Best make sure your other PWs are different from the one you use on BG and you might change that one too.

 

[Eticket]

Ironically, the only info I have in my PMs is Taj's

 

[Lexa]

I haven't ever PM'd account info, and even if I had, I most certainly would have stopped after Taj's little stroll through Ultima people's accounts... That pretty much scared up the entire server.

 

[Eticket]

Also this is speaking of the passwords prior to the Vb switch a month or two ago, not the current ones.

 

[Aangeliceus]

All I have to say is ... DUH.

They were hacked a long time ago and either A) Never realized it or B) Played dumb about it.

That's exactly how they [Taj & Co.] got my password last year, through their database.

 

[Sassafras]

All I have to say is ... DUH.

They were hacked a long time ago and either A) Never realized it or B) Played dumb about it.

That's exactly how they [Taj & Co.] got my password last year, through their database.

<3 Aa ~.^

 

[Aangeliceus]

Oh and it's funny....

I went to get the PM I got from Sonomaa when I specifically stated that they their database was compromised, it's not there. How fucking ironic.

Here's the PM I sent Sonomaa when that shit went down:

Greetings:

Can I get some confirmation as to whether or not what I am being told is true?

I have been told by more than one person that Taj was/is getting passwords from the BG database.

In our case, my Ultima password was the same as BG -- not sure why I did that, but BG is the only place other than Ultima that had that password.

A number of people are saying he has been reversing the MD5 code from the database tables.

I just would like some confirmation as to whether or not you agree with this or disagree. Given the events of the past month, this is becoming a central connection between the events that have transpired.

Your reply is greatly appreciated.

-AA

He did reply and denied that their data was compromised and REFUSED to consider that it just might be. I wish I had copied that PM in some fashion... 'cause, now it's not there.

Fuckers.

 

[Pitlith]

Haha

 

[Talfus]

:safeface: