The Five Demands

Il database del forum Boards.ie ha subito un attacco senza precedenti che ha scardinato la protezione di dati sensibili degli utenti iscritti

Gli amministratori del forum irlandese Boards.ie ha dato immediata comunicazione di un gravissimo attacco che ha sfondato l’accesso al database in cui sono contenuti dati sensibili degli utenti registrati, come gli indirizzi e-mail e le password di accesso.
Si teme un utilizzo criminoso dei dati ‘rubati’ al database, appartenenenti a centinaia di utenti.
Il forum, nato nel 1998 in relazione a Quake un nuovo gioco per computer, ha aumentato di importanza in progressione. Le statistiche di novembre parlano di 20 milioni di visite, 1,1 milioni di pagine viste, al giorno.
Tom Murphy, fondatore di Boards.ie, ha affermato che come tutti i siti di una certa importanza, il forum è da sempre oggetto di hackeraggi, ma questa volta si è trattato di un attacco senza precedenti.
Boards.ie che dovrebbe tornare correttamente on line nella giornata di venerdì, ha assicurato che si sta procedendo a cambiare le password di accesso di tutti gli utenti e di essere in contatto con Billy Hawkes, Data Protection Commissioner, e un consulente indipendente di sicurezza.

Di seguito il comunicato dell’amministrazione di Board.ie, che capeggia nella homepage:

Fellow Boards Members,

Today, Thursday 21 Jan 2010 at 11:20 GMT the Boards.ie database was attacked by a source external to Ireland.

This triggered our security response policy and as a result we are sending you this warning email.

In this attack, part of the database which includes our members usernames, email addresses and obfuscated passwords was accessed.

While our investigations indicate that individual user accounts are not in danger we have taken the step of changing all user passwords.

We also recommend that if you used the same username/email and password on other sites that you change your password there too as a precaution.

What happened:

• This morning our database server was accessed by an unauthorised source. We discovered this intrusion and took the site offline.
• As a precaution We contacted the Gardaí, the Data Protection Commissioner and an independent security consultancy.
• We have followed the advice we have received on how to proceed.
• Like all large sites we are regularly the target for disruption and take continual actions to proactively protect your data.This particular attack was completely unprecedented despite our rigorous security measures and while we have no idea if this data will be used for any malicious reasons, we felt it vital to tell you this immediately.

What you need to know and do:

• If you use the same password on Boards as you do on other services, you should change it on those other services to be safe. Boards passwords are NOT stored in plain text, they are obscured with the standard vBulletin “Hash”. While this provides strong protection, we have altered all passwords on Boards as a precaution and suggest you take this time to allter other similar passwords.
• If you are a subscriber, please be assured, we do NOT store credit card details or any payment details on our servers. Nothing of that nature is held on our site and as a result such data was not compromised.
• We apologise for this inconvenience. We do not want to over stress the problem, however we felt the situation requires full disclosure.

Tom Murphy.

Update:

We’ve naturally been getting a lot of questions about what exactly has happened and what people can and should be doing. In an effort to help you out, here are some of the more common questions.

Will I get a new password emailed to me?

• We won’t be emailing the new altered passwords to people. When the site returns, you will have to request a new password at http://www.boards.ie/changepassword

I didn’t get the email yet.

• We’re hearing that some services are flagging the email as spam, so please check your spam or junk mail folders and see it it’s there. The emails are being sent in reverse order of who was most recently active on the site. So, if you were on the site when the attack happened, you’ll most likely have been in the first few people to receive the email, but if you hadn’t been on the site in a couple of days, you’ll be closer to the end of the sent list.

I don’t have access to the email I signed up to Boards.ie with anymore, what can I do?

• Unfortunately, we may not be able to release account information in these cases as we have no way of verifying ownership of an account outside of your email address. We are working on a solution for this issue and will keep you updated.

Do you know who attacked the site?

• We can’t really get into the specifics just yet as there is an investigation underway.

(tratto da Boards.ie)

Con l’occasione The Five Demands ricorda a tutti i suoi lettori che siano iscritti a qualsiasi genere di forums, a variare le password periodicamente e da sito a sito, evitando di inserire nei propri profili informazioni sensibili che potrebbero essere oggetto di fini criminosi.

Internet forum database ‘hacked’ (BBC News Northern Ireland)
Irish internet forum Boards.ie has reported an attack on its user database which could affect thousands of users.
In a statement it confirmed that “an unauthorised source” from outside Ireland accessed its database server.
It urged members who use the same username/email and password on other sites to change passwords.
“Part of the database which includes our members’ usernames, email addresses and obfuscated passwords was accessed,” Boards.ie said on its homepage.
The site started life as a forum for the computer game Quake in 1998 and has more than 500 forums on a range of topics.
According to the most recent ABC internet traffic statistics in November, Boards.ie had more than 20m page views, averaging more than 1.1m page views a day.
Tom Murphy, co-founder of Boards.ie said, in a statement, that like all large sites they were “regularly the target for disruption and take continual actions to proactively protect data”.
He said that the attack was “was completely unprecedented despite our rigorous security measures and while we have no idea if this data will be used for any malicious reasons, we felt it vital to tell you this immediately”.
Boards.ie says it is changing all user passwords and has notified Irish police, the Data Protection Commissioner Billy Hawkes and an independent security consultant.
Mr Hawkes said the attack should be taken as a warning to internet users to create different passwords for different websites.
He said his office would be investigating the security breach but he praised the company for pulling the website immediately and alerting its members.
The site has been posting updates on Twitter, with a tweet telling users Boards.ie would “hopefully” be back on Friday morning.