The hacker gained access to usernames and encrypted passwords

Apr 27, 2012 11:25 GMT

TwoPlusTwo.com, the popular poker forum, has been shut down after its administrators noticed that a hacker had gained unauthorized access to sensitive information stored in the site’s database. According to PokerView, the breach took place on April 26, and the site’s customers were immediately notified of the incident via email.

“While it is unclear the extent of data to which he gained access, e-mail addresses and passwords on the Two Plus Two forums should be considered compromised. If you have used your 2+2 password on any other site, you are advised to change it,” Two Plus Two representatives said.

After the incident was made public, Noah Stephens-Davidowitz, the founder and editor-in-chief of “Subject: Poker”, made a post on his personal blog revealing that the attacker accessed usernames, email addresses, hashed passwords and password salts.

He warned Two Plus Two users that they must assume the hackers have cracked the passwords, mainly because they were hashed with MD5, which is known to be less secure than SHA, for instance.

Stephens-Davidowitz also advises the forum’s customers to change their passwords on other sites if they reused the same one there. If the hacker is operating for profit, he will most likely try to access email, banking and other poker accounts that may contain payment card details.

“However, do not change your password on 2p2. As far as I know, the vulnerability still exists, so changing your 2p2 password will just give you another potentially compromised password to worry about,” he explained. “You obviously will want to change your password eventually, but now is not the time.”

At press time, twoplustwo.com was still down, but hopefully its administrators will manage to address the issues that allowed the hacker to breach their systems in the first place.