Not a post I'm happy about posting (major deal internally, obviously) but here's the press release we sent out today regarding the incident we've had:
Today, Thursday 21 Jan 2010 at 11:20 GMT the Boards.ie database was attacked by source from outside the country. This breach was discovered during routine security monitoring. We discovered this intrusion and took the site offline.
In the attack, part of the database which includes our members usernames, email addresses and obfuscated passwords was accessed. We are currently working with independent security consultants to ensure our systems are secure.
We are advising all members to check the passwords they use with any online services and to change it if it's the same one they used on Boards.ie
Our initial belief is that this attack was intended as a disruption to our service rather than to get member data. It may be possible for the attackers to read passwords and other data. At this early stage of the incident, members security is our primary concern.
Our basic message to members is:
If you have used the same password you used on Boards.ie on any other service, we urgently advise you to change it on these services. This includes any social networking account you may have.
Data stored by Boards.ie on members included only their email addresses, passwords, usernames and profile data. We did not store or have any record of home addresses, credit card details, online payment details or other personal financial data.
Boards.ie passwords are NOT stored in plain text, they are obscured with the standard vBulletin "Hash". While this provides strong protection, we have altered all passwords on Boards as a precaution and suggest you take this time to allter other similar passwords.
Like all large websites, we are regularly the target for disruption and take continual actions to proactively protect our member data. This particular attack was completely unprecedented despite our rigorous security measures.
We will keep you updated with any information you have about this, primarily for now via our twitter account at http://www.twitter.com/boards_ie. You do not need to be a member of twitter to read this.
We are extremely sorry for any inconvenience this has caused.
Members can contact us at firstname.lastname@example.org