PHP Freaks forum database hacked

If you don’t bother to read the TOS and policies before you sign up for a site, you may find that there is no way out. Today’s example from PHP Freaks Forum:

It has come to our attention that someone managed to get their hands on a database dump of the phpfreaks members table used in our forum database.

We apologize for the inconvenience and concern this may cause you.

*UPDATED*
Based on research, we believe that the individual(s) responsible utilized some exploits available in the forum software that allowed them to run a php script that dumped the data from the forum user table.

While the passwords are hashed a number of time and in many cases salted, someone who is highly motivated to do so, may be able to derive your original password, especially if you did not use good password practices.

A hash password can not be decrypted, but by generating rainbow tables, crackers can determine if your password matched one of many they may have in a database.

The table also includes your name, so it may or may not associate you with the email address you used to register.

We highly recommend that you take the following actions:

1. Change your password
2. Change the password on any system where you used the same account name/email/password combination.
3. Use unique high/quality passwords on any and all systems you frequent now and in the future.

Should we make any additional determinations or discoveries in relation to this issue, we will provide updates here.

*PLEASE NOTE*

We will not be deleting accounts upon request. We stated that we would not delete accounts for any reason in our TOS when you signed up. Deleting accounts is not going to retrieve the user table data.

Note that Troy Hunt reports 173k accounts were involved.

About the author: Dissent