Admins force a password reset for all users

Jan 22, 2010 15:01 GMT

Boards.ie, the most popular forum in Ireland with millions of unique visitors each month, suffered a serious security breach yesterday. As a precaution, the website was taken offline and a password reset was triggered for all registered users.

"Today, Thursday 21 Jan 2010 at 11:20 GMT the Boards.ie database was attacked by a source external to Ireland. […] In this attack, part of the database which includes our members’ usernames, email addresses and obfuscated passwords was accessed. While our investigations indicate that individual user accounts are not in danger we have taken the step of changing all user passwords," an official announcement reads.

The website administration has been remarkably open about this incident and seems to be treating it very responsibly. It immediately contacted the Gardai (Irish National Police) and the Data Protection Commissioner. No details regarding the specific attack method or origin have been released, as the investigation is in progress.

An independent security consultancy company has also been asked to advise regarding incident response procedure. "Like all large sites we are regularly the target for disruption and take continual actions to proactively protect your data. This particular attack was completely unprecedented despite our rigorous security measures and while we have no idea if this data will be used for any malicious reasons, we felt it vital to tell you this immediately," the admins write.

The Boards.ie community website is built using the widely popular vBulletin forum software. Because of the security features implemented on the platform, user passwords were not stored in plain text inside the database. Even so, a decision to have them reset was taken as a precaution.

When the site is restored, users will have to request new passwords manually. In order to prove their identity, they are required to have access to the e-mail address associated with the account. Admins are still working on an alternative method for cases where users can no longer access the e-mail address used to register their account.

The origins of the boards.ie forum date back to 1998, but the site has existed under the current name since 2000. It has over 220,000 registered members who communicate with each other on a variety of topics that touch on all aspects of life.