Two Plus Two Publishing LLC
 


News, Views, and Gossip For poker news, views, and gossip

Old 01-08-2017, 05:34 PM   #1
my_nameaintearl
adept
 
 
Join Date: Jul 2014
Posts: 716
2+2 database has been breached?

Per Max Silver, someone has the database, it is for sale, and the date of the data is Dec 7th.

Probably best to change your password.
my_nameaintearl is offline   Reply With Quote
Old 01-08-2017, 05:43 PM   #2
SenatorKevin
veteran
 
 
Join Date: May 2007
Location: Santa Monica
Posts: 2,352
Re: 2+2 database has been breached?

If true, they should immediately take the site offline and reset everyone's passwords so that the database dump is somewhat mitigated. (Doesn't solve password reuse issues obviously)
SenatorKevin is offline   Reply With Quote
Old 01-08-2017, 05:44 PM   #3
mcc3504
veteran
 
 
Join Date: Feb 2008
Location: infractions on the reg
Posts: 2,970
Re: 2+2 database has been breached?

I think, more importantly, be careful if you are dealing with swaps and money through 2+2 going forward. If breached, there could be a lot of scams going down soon in the xfer threads.
mcc3504 is offline   Reply With Quote
Old 01-08-2017, 05:52 PM   #4
D1G1TALFOX
grinder
 
 
Join Date: Mar 2011
Location: Paper Street
Posts: 415
Re: 2+2 database has been breached?

Would not be the first time . . .
2p2 Hacked–Do This Stuff Immediately

http://www.nsdpoker.com/2012/04/two-plus-two-hacked/

D1G1TALFOX is offline   Reply With Quote
Old 01-08-2017, 05:54 PM   #5
hobokes
Carpal \'Tunnel
 
 
Join Date: May 2008
Location: @hobokes
Posts: 6,318
Re: 2+2 database has been breached?

don't re-use passwords obviously
hobokes is offline   Reply With Quote
Old 01-08-2017, 06:00 PM   #6
goodeh
grinder
 
Join Date: Apr 2009
Posts: 424
Re: 2+2 database has been breached?

Hey guys, Max here.

Heard about the leak from a friend I trust. Another twoplustwo user inquired about his password in the database and it was found. I have not seen the database myself, so I cannot be 100% sure about the leak; despite this, I did feel that holding on to this information was irresponsible.

As far as I know the admins have been contacted today.

Here's the advice I gave on Twitter.

Quote:
What I know

Database includes accounts created before the 7th of December 2016
The database is for sale to anyone who wishes to buy it
It includes usernames, email address, IP address, birthday, last login date, registered date, password hash
Passwords were encrypted/hashed but anything relatively easy to guess has been decrypted.

Steps to take
1) Change your Password on 2+2
2) Change ALL other passwords that are the same or similar
3) Start using unique passwords for every site, these breaches are so common. I'd recommend a password manager like LastPass
4) Enable 2 factor authentication on any vital accounts/emails
5) Take extra precautions to verify identity when trading via 2+2 via separate means

As a side note, in the database it included other linked accounts such as social that have shared the same password/email. With the additional information of Birthday I'd take extra precautions on sensitive accounts in the recovery methods. It's not hard to social engineer a lot of the information that many accounts require to perform a full recovery without email access.
goodeh is offline   Reply With Quote
Old 01-08-2017, 06:10 PM   #7
TrustySam
journeygirl
 
 
Join Date: Apr 2011
Location: depositing and lending on Kiva
Posts: 1,822
Re: 2+2 database has been breached?

Thanks so much for the heads up - such a pain to change everything, but better safe than sorry, and all that ...
TrustySam is offline   Reply With Quote
Old 01-08-2017, 06:11 PM   #8
SenatorKevin
veteran
 
 
Join Date: May 2007
Location: Santa Monica
Posts: 2,352
Re: 2+2 database has been breached?

Hey Max,

All the passwords can be decrypted, but the length of time it takes to decrypt them depends on the complexity of the password and how it was hashed.
SenatorKevin is offline   Reply With Quote
Old 01-08-2017, 06:13 PM   #9
my_nameaintearl
adept
 
 
Join Date: Jul 2014
Posts: 716
Re: 2+2 database has been breached?

Quote:
Originally Posted by SenatorKevin View Post
Hey Max,

All the passwords can be decrypted, but the length of time it takes to decrypt them depends on the complexity of the password and how it was hashed.
The standard vBulletin hash, I suppose.
my_nameaintearl is offline   Reply With Quote
Old 01-08-2017, 06:13 PM   #10
shakedown
grinder
 
 
Join Date: Aug 2007
Posts: 486
Re: 2+2 database has been breached?

Were the passwords salted?
shakedown is offline   Reply With Quote
Old 01-08-2017, 06:15 PM   #11
SenatorKevin
veteran
 
 
Join Date: May 2007
Location: Santa Monica
Posts: 2,352
Re: 2+2 database has been breached?

Quote:
Originally Posted by my_nameaintearl View Post
The standard vBulletin hash, I suppose.
MD5?

I think modern deployments of vBulletin use bcrypt though. Not sure how it works for older instances.
SenatorKevin is offline   Reply With Quote
Old 01-08-2017, 06:26 PM   #12
D1G1TALFOX
grinder
 
 
Join Date: Mar 2011
Location: Paper Street
Posts: 415
Re: 2+2 database has been breached?

The worst part would be if the admins don't know how the hack happened in the first place, as changing your pass would not mean the exploit is fixed . . .

Also, about the annoyance of trying to remember all these diff passwords, I agree password managers are great . . .
D1G1TALFOX is offline   Reply With Quote
Old 01-08-2017, 06:29 PM   #13
SenatorKevin
veteran
 
 
Join Date: May 2007
Location: Santa Monica
Posts: 2,352
Re: 2+2 database has been breached?

Quote:
Originally Posted by D1G1TALFOX View Post
The worst part would be if the admins don't know how the hack happened in the first place, as changing your pass would not mean the exploit is fixed . . .

Also, about the annoyance of trying to remember all these diff passwords, I agree password managers are great . . .
Yes, this is true. I'm just assuming they're running an old version of vBulletin, which has had its history of security vulns.
SenatorKevin is offline   Reply With Quote
Old 01-08-2017, 06:32 PM   #14
2000 East
old hand
 
Join Date: Oct 2014
Location: UK
Posts: 1,200
Re: 2+2 database has been breached?

Ohh I just got asked to update my password and did.. Should I have not?

Last edited by 2000 East; 01-08-2017 at 06:37 PM.
2000 East is offline   Reply With Quote
Old 01-08-2017, 06:36 PM   #15
Mat Sklansky
Administrator
 
Join Date: Aug 2002
Location: This just seems ridiculous to me
Posts: 8,286
Re: 2+2 database has been breached?

This is being investigated. More info will come soon. In the short term, anyone reading this thread, change your password here and anywhere else you may use it.
Mat Sklansky is offline   Reply With Quote
Old 01-08-2017, 06:38 PM   #16
2000 East
old hand
 
Join Date: Oct 2014
Location: UK
Posts: 1,200
Re: 2+2 database has been breached?

I was directed to the vBulletin page and was advised to change my password as it was outdated. Was that legit?
2000 East is offline   Reply With Quote
Old 01-08-2017, 06:39 PM   #17
D1G1TALFOX
grinder
 
 
Join Date: Mar 2011
Location: Paper Street
Posts: 415
Re: 2+2 database has been breached?

Quote:
Originally Posted by 2000 East View Post
Ohh I just got asked to update my password and did.. Should I have not?
I'm fairly sure everyone got the same notice just now, it's a step in the right direction to change your pass, I did . . .

"This morning (1/8) we received notification that the forums had been hacked and have determined that there is a reasonable chance that the hackers obtained enough information to decode passwords (with some effort) as a result. We have no indication at this time that any accounts have been compromised, but we are taking precautions just the same. If you have changed your password within the last 45 days your password should not be at risk, but just in case, if you haven't changed it, you'll be forced to the next time you login. As always, we recommend that you do not use the same password on multiple sites, but if you have done so we suggest you change the passwords on those sites as well. We also suggest that you do not rely on a user's Two Plus Two Forums identity when conducting any meaningful transaction." -2+2 . . .
D1G1TALFOX is offline   Reply With Quote
Old 01-08-2017, 06:40 PM   #18
Mat Sklansky
Administrator
 
Join Date: Aug 2002
Location: This just seems ridiculous to me
Posts: 8,286
Re: 2+2 database has been breached?

I will have Chuck answer.
Mat Sklansky is offline   Reply With Quote
Old 01-08-2017, 06:42 PM   #19
krazykarter
adept
 
Join Date: Jan 2011
Posts: 720
Re: 2+2 database has been breached?

https://www.leakedsource.com/

You can search for your username there. My name comes up for twoplustwo twice, once in a db attained 2016-12-07, and another from 2012-05-08.

EDIT: There is also a hit on my email address in vBulletin from 2016-02-01.
krazykarter is offline   Reply With Quote
Old 01-08-2017, 06:57 PM   #20
Jbrochu
Carpal \'Tunnel
 
Join Date: Jan 2005
Posts: 14,332
Re: 2+2 database has been breached?

Quote:
Originally Posted by 2000 East View Post
I was directed to the vBulletin page and was advised to change my password as it was outdated. Was that legit?
+ 1

Can someone answer if this system request for forced change was legit?
Jbrochu is offline   Reply With Quote
Old 01-08-2017, 06:58 PM   #21
Chuck Weinstock
Administrator
 
 
Join Date: Aug 2002
Posts: 526
Re: 2+2 database has been breached?

As it says in the forum notice we learned that the database had been compromised this morning. We cannot find any evidence that accounts created after approximately November 20 have been compromised but as users you should assume that if you've been a member of the forums since before that date that the information necessary to determine your (unchanged) password is out there.

(Although the people "selling" the database claim a December 7 date we believe this to be wrong.)

We have asked all users to reset their password if it hasn't changed in the last 45 days. You will be prompted to do so the next time you login to the forums.

The actions that Max Silver suggests earlier in this post are incredibly important. To recap them:

1) Change your Password on 2+2
2) Change ALL other passwords that are the same or similar
3) Start using unique passwords for every site, these breaches are so common. I'd recommend a password manager like LastPass
4) Enable 2 factor authentication on any vital accounts/emails
5) Take extra precautions to verify identity when trading via 2+2 via separate means

Feel free to update this thread or PM me with any questions.

Chuck
Chuck Weinstock is offline   Reply With Quote
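
Added example, not part of the thread and not Two Plus Two's or vBulletin's code: a login handler that enforces the 45-day forced reset from the notice and, as raised in posts #9 to #11, moves a legacy fast hash to a slow KDF on the next successful login. The legacy layout md5(md5(password) + salt), the PBKDF2 work factor (PBKDF2 from the standard library stands in for bcrypt), and the record field names are assumptions.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

RESET_WINDOW = timedelta(days=45)  # "changed within the last 45 days" from the notice
PBKDF2_ITERS = 600_000             # assumed work factor; tune to your hardware

def legacy_hash(password: str, salt: str) -> str:
    # Assumed legacy layout: md5(md5(password) + salt), a fast salted MD5
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def strong_hash(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS).hex()

def set_password(user: dict, password: str, now: datetime) -> None:
    salt = os.urandom(16)
    user.update(scheme="pbkdf2", salt=salt.hex(),
                hash=strong_hash(password, salt), pw_changed=now)

def login(user: dict, password: str, now: datetime) -> tuple:
    """Return (authenticated, must_reset) and upgrade a legacy hash on success."""
    if user["scheme"] == "legacy-md5":
        ok = hmac.compare_digest(legacy_hash(password, user["salt"]), user["hash"])
        if ok:
            # Re-hash with the slow KDF, but keep the old change date so the reset still fires
            changed = user["pw_changed"]
            set_password(user, password, now)
            user["pw_changed"] = changed
    else:
        salt = bytes.fromhex(user["salt"])
        ok = hmac.compare_digest(strong_hash(password, salt), user["hash"])
    return ok, ok and now - user["pw_changed"] > RESET_WINDOW

def demo() -> dict:
    now = datetime(2017, 1, 8)  # date of the forum notice
    # Constructed sample accounts, not data from the breach
    old = {"scheme": "legacy-md5", "salt": "a1b", "hash": legacy_hash("hunter2", "a1b"),
           "pw_changed": datetime(2016, 6, 1)}
    recent = dict(old, pw_changed=datetime(2016, 12, 20))
    wrong = dict(old)
    results = {"old": login(old, "hunter2", now), "recent": login(recent, "hunter2", now),
               "wrong": login(wrong, "guess", now), "old_scheme": old["scheme"]}
    set_password(old, "a-new-unique-passphrase", now)  # user completes the forced reset
    results["after_reset"] = login(old, "a-new-unique-passphrase", now)
    return results

if __name__ == "__main__":
    print(demo())
```

Re-hashing on login only changes how the password is stored from now on; a hash that already left in a dump still matches the old password, which is why the reset flag is kept for accounts outside the 45-day window.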
Old 01-08-2017, 06:58 PM   #22
D1G1TALFOX
grinder
 
 
Join Date: Mar 2011
Location: Paper Street
Posts: 415
Re: 2+2 database has been breached?

Quote:
Originally Posted by Jbrochu View Post
+ 1

Can someone answer if this system request for forced change was legit?
Post 15 and Yes . . .
D1G1TALFOX is offline   Reply With Quote
Old 01-08-2017, 07:02 PM   #23
Jbrochu
Carpal \'Tunnel
 
Join Date: Jan 2005
Posts: 14,332
Re: 2+2 database has been breached?

Quote:
Originally Posted by D1G1TALFOX View Post
Post 15 and Yes . . .
Post 15 doesn't answer the question.

They keep saying we will be forced to change password on next login attempt. My session was interrupted and I was forced to change my password. Nobody has yet confirmed that this was legit.
Jbrochu is offline   Reply With Quote
Old 01-08-2017, 07:05 PM   #24
Chuck Weinstock
Administrator
 
 
Join Date: Aug 2002
Posts: 526
Re: 2+2 database has been breached?

It is legit.
Chuck Weinstock is offline   Reply With Quote
Old 01-08-2017, 07:06 PM   #25
Jbrochu
Carpal \'Tunnel
 
Join Date: Jan 2005
Posts: 14,332
Re: 2+2 database has been breached?

Thanks
Jbrochu is offline   Reply With Quote



All times are GMT -4.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright © 2008-2010, Two Plus Two Interactive
 
 