Per Max silver someone has the database is for sale and the date of the data is dec 7th.

Probably best to change your password

If true, they should immediately take the site offline and reset everyone's passwords so that the database dump is somewhat mitigated. (Doesn't solve password reuse issues obviously)

I think more importantly be careful if you are dealing with swaps and money thru 2+2 going forward. If breached could be a lot of scams going down soon in the xfer threads.

Would not be the first time . . .
2p2 Hacked–Do This Stuff Immediately

http://www.nsdpoker.com/2012/04/two-plus-two-hacked/

don't re-use passwords obviously

Hey guys, Max here.

Heard about the leak from a friend I trust. Another twoplustwo user inquired about his password in the database and it was found. I have not seen the database myself so cannot be 100% about the leak; despite this did feel that holding on to this information was irresponsible.

As far as I know the admins have been contacted today.

Here's the advice I gave on twitter.

As a a side note in the database it included other linked accounts such as social that have shared the same password/email. With the additional information of Birthday I'd take extra precautions on sensitive accounts in the recovery methods. It's not hard to social engineer a lot of the information that many accounts require to perform a full recovery without email access.

Thanks so much for the heads up - such a pain to change everything (), but better safe than sorry, and all that ...

Hey Max,

All the passwords can be decrypted, but the length of time it takes to decrypt them depends how complexity of the password and how it was hashed.

the standard vbulletin hash i suppose

Were the passwords salted?

md5?

I think modern deployments of vBulletin use bcrypt though. Not sure how it works for older instances.

The worst part would be if the Admins don't know how the hack happen in the first place as changing Your pass would not mean the exploit is fixed . . .

Also about the annoyance of trying to remember all these diff Pass I agree Password manager's are great . . .

Yes, this is true. I'm just assuming they're running an old version of vBulletin which has had it's history of security vulns.

Ohh I just got asked to update my password and did.. Should I have not?

This is being investigated. More info will come soon. In the short term, anyone reading this thread, change your password here and anywhere else you may use it.

I was directed to the VBulletin page and was advised to change my password as it was out dated. Was that legit?

I'm fairly sure everyone got the same notice just now, it's a step in the right direction to change your pass, I did . . .

"This morning (1/8) we received notification that the forums had been hacked and have determined that there is a reasonable chance that the hackers obtained enough information to decode passwords (with some effort) as a result. We have no indication at this time that any accounts have been compromised, but we are taking precautions just the same. If you have changed your password within the last 45 days your password should not be at risk, but just in case ,if you haven't changed it, you'll be forced to the next time you login. As always, we recommend that you do not use the same password on multiple sites, but if you have done so we suggest you change the passwords on those sites as well. We also suggest that you do not rely on a user's Two Plus Two Forums identify when conducting any meaningful transaction." -2+2 . . .

i will have chuck answer.

https://www.leakedsource.com/

You can search for your username there. My name comes up for twoplustwo twice, once in a db attained 2016-12-07, and another from 2012-05-08.

EDIT: There is also a hit on my email address in VBulletin from 2016-02-01.

+ 1

Can someone answer if this system request for forced change was legit?

As it says in the forum notice we learned that the database had been compromised this morning. We cannot find any evidence that accounts created after approximately November 20 have been compromised but as users you should assume that if you've been a member of the forums since before that date that the information necessary to determine your (unchanged) password is out there.

(Although the people "selling" the database claim a December 7 date we believe this to be wrong.)

We have asked all users to reset their password if it hasn't changed in the last 45 days. You will be prompted to do so the next time you login to the forums.

The actions that Max Silver suggests earlier in this post are incredibly important. To recap them:

1) Change your Password on 2+2
2) Change ALL other passwords that are the same or similair
3) Start using unique passwords for every site, these breaches are so common. I'd reccomend a password manager like lastpass
4) enable 2 factor authentication on any vital accounts/emails
5) Take extra precautions to verify identity when trading via 2+2 via separate means

Feel free to update this thread or PM me with any questions.

Chuck

Post 15 and Yes . . .

Post 15 doesn't answer the question.

They keep saying we will be forced to change password on next login attempt. My session was interrupted and I was forced to change my password. Nobody has yet confirmed that this was legit.

It is legit.

Thanks