So what exactly happened?

05-13-2012 , 12:40 AM
Quote:
Originally Posted by Bobo Fett
That's confirmed now? It's certainly possible if you used the same email/password combo elsewhere, but it just seems so unlikely given that the hacker's motivations appeared to be something altogether different and no one else has reported such a breach.

Regardless of how it happened, I'm sorry to hear about your account(s) being compromised.
I got an email from Gmail saying there was suspicious activity on my account (they said a suspected hacking attempt) and they sent me an IP address and the location. The same day someone accessed my Facebook and changed my email on the account.

Never had problems before and both were the same password as my 2+2 account so I assumed it was related to the forum being hacked.

Passwords all changed now so hopefully that'll be that.
05-13-2012 , 12:50 AM
Glad my pw was unique on here. Welcome back!!!
05-13-2012 , 01:27 AM
I...I just never knew I had these feelings for an internet forum.
05-13-2012 , 01:33 AM
It never would have happened if Ronald Reagan were the president.



05-13-2012 , 01:38 PM
Quote:
Originally Posted by BackFromABannin
I got an email from Gmail saying there was suspicious activity on my account (they said a suspected hacking attempt) and they sent me an IP address and the location. The same day someone accessed my Facebook and changed my email on the account.

Never had problems before and both were the same password as my 2+2 account so I assumed it was related to the forum being hacked.

Passwords all changed now so hopefully that'll be that.
if you don't mind, send me an email with more details about that. if you prefer not to, i understand. mat@twoplustwo.com
05-13-2012 , 01:45 PM
Quote:
Originally Posted by Bobo Fett
the hacker's motivations appeared to be something altogether different and no one else has reported such a breach.
Can you tell us what the motivations were?

What steps are being taken to track down the hackers? Is there any way they can be caught?
05-13-2012 , 01:50 PM
No problem Mat, I'll forward it on to you.
05-13-2012 , 01:56 PM
maybe this was all a plot from mat sklansky to get backfromabannin's email address.
05-13-2012 , 01:57 PM
It's already readily available on most European swinger websites.
05-13-2012 , 07:21 PM
Welcome back 2+2 we've missed you.

So which past Main Event winner was behind it then? They seem to be behind all the biggest scandals.
05-13-2012 , 07:56 PM
So happy we are back! Nearly posted on P5s in the down time, but thankfully I resisted.
05-13-2012 , 08:08 PM
Phil Hellmuth is STILL a giant douchebag.

(Been too long since I posted that. Welcome Back NVG)
05-13-2012 , 08:25 PM
My Facebook got locked about 2 days after 2p2 shut down. They said someone from Cape Town Africa was logging in and it looked suspicious so they locked it until I told them it was me or until I changed my password, which I did. Was the only other account I used same password as 2p2. Wonder if it was the same d-bag? Dunno what they would want from my Facebook lol but who knows. Odd.
05-14-2012 , 02:59 AM
Quote:
Originally Posted by Bobo Fett
Not mods, not supermods, not blue admins, and I don't think reds have that ability as a regular feature, although I'm not 100% certain of that. Of course, at the highest level there could be back-end database access available - no idea if the hacker had access to this point, but everyone should assume he did to be safe.
As an admin on another vb3 site, there's nothing in the default admin section that allows you to read PMs. However, they are stored in the database and could be read by someone with access to the database. Also, it is possible to make a custom modification to the admin section to read PMs.
05-14-2012 , 03:17 AM
i heard it was a systematic attack by a rival in the poker industry. dum dum dum.... the plot thickens.
05-14-2012 , 03:17 AM
Does anyone have a spare F5 button for sale??

Much appreciated.
05-14-2012 , 11:49 AM
i actually lost my twitter account to this (i didn't realize it for a couple of days). changed the password. done.
05-14-2012 , 01:19 PM
It wasn't a hacking. We all got banned for two weeks.
05-14-2012 , 01:57 PM
Quote:
Originally Posted by Go Get It
Can the people who are in the know about what happened with the hacking please explain what exactly this person/people did, without giving anything private up obv, and what the 2p2 brass did to fix it?
What happened is that you discovered 2+2 has no reasonable contingency plan in place.

Hopefully that has changed, now. Taking the forums offline for 2 weeks is inexcusable, from an IT perspective.
05-14-2012 , 02:47 PM
It was probably some 14 year old kid that got banned
05-14-2012 , 03:07 PM
Does this mean Jungleman has to make another screenname
05-14-2012 , 03:16 PM
Oh how I missed you when I was at work.
05-14-2012 , 03:22 PM
Quote:
Originally Posted by MrBump
Anyone get hacked outside of 2+2 due to the 2+2 breach IYSWIM ?
someone changed my itunes account address (just the city, state and zip, not street and #) and my credit card number (to an amex, and i don't haz amex)
05-14-2012 , 08:40 PM
I am glad that the site is back.
05-15-2012 , 12:29 AM
I would just like to note the "security" updates put in place are lackluster.

Passwords are hashed with MD5 on the client-side before being sent. OK, that is better than being sent in plaintext, however, this is not the approach real websites use to secure user information. They do the following:

1) Ensure there is an encrypted connection every time a password is being sent. 2+2 does not do this. Setting up SSL is neither expensive nor complicated, and 2+2 should do it if it cares about securing people's accounts. If somebody logs into 2+2 via a wireless connection for example, it doesn't matter that the login form is only sending a hash, I can just snoop the hash and then log in with it. I don't know the person's password, but I know their password hash which is just as good. 2+2 should use an encrypted login form to prevent people from snooping login information.
2) Store the password hash using a strong hashing algorithm. There is no way to know if 2+2 is doing this or not, but given the history of what just happened I'm assuming they are probably just taking the client-side hashing and storing that, which would be very bad. MD5 is a weak and broken hashing algorithm, and there is no reason it should be used for cryptography anymore.
3) Good websites *never* send passwords in plaintext in emails. This is especially comical for 2+2 because after you verify your email and are sent to a webpage, that webpage just emails you a password. The correct way would be for that page to securely allow you to set your password instead of emailing you a temporary one.
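
Points 1 and 2 of the post above, as an added example (not part of the original post, and not 2+2's or vBulletin's code): a login that compares a client-side MD5 value treats that value as the credential, while a server-side salted scrypt record is not accepted as a login. The class and function names, the sample account and the scrypt parameters are assumptions made for illustration; TLS is assumed for the hardened form and is not modelled.

```python
import hashlib
import hmac
import os

def md5_hex(password: str) -> str:
    """What the login form computes in the browser in the weak design."""
    return hashlib.md5(password.encode()).hexdigest()

class ClientHashLogin:
    """Weak: the browser sends MD5(password); the server stores and compares it."""
    def __init__(self):
        self.db = {}
    def register(self, user, password):
        self.db[user] = md5_hex(password)
    def login(self, user, submitted):
        # The server never sees the password, so the hash itself is the secret.
        return hmac.compare_digest(self.db.get(user, ""), submitted)

class ServerKdfLogin:
    """Hardened: password sent inside TLS (not modelled), stored as salted scrypt."""
    def __init__(self):
        self.db = {}
    def _derive(self, password, salt):
        # Illustrative cost parameters, not a tuning recommendation.
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    def register(self, user, password):
        salt = os.urandom(16)  # per-user random salt
        self.db[user] = (salt, self._derive(password, salt))
    def login(self, user, password):
        if user not in self.db:
            return False
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._derive(password, salt))

def demo():
    weak, strong = ClientHashLogin(), ServerKdfLogin()
    for site in (weak, strong):
        site.register("alice", "correct horse")  # constructed sample account
    on_wire = md5_hex("correct horse")  # value visible on an unencrypted connection
    return {
        "weak_db_equals_wire_value": weak.db["alice"] == on_wire,
        "weak_accepts_hash_alone": weak.login("alice", on_wire),
        "strong_accepts_password": strong.login("alice", "correct horse"),
        "strong_rejects_md5_value": not strong.login("alice", on_wire),
        "strong_rejects_stored_hash": not strong.login("alice", strong.db["alice"][1].hex()),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

In the weak design the database column and the value on the wire are the same string, so exposure of either one is exposure of the login credential.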