Thursday, April 10, 2008
Posted by Jason Dunn in "Thoughts Media Status Updates" @ 06:30 AM
A community member brought up an interesting point that I hadn't thought much about: although there's no indication that the hacker copied our user database, it is of course possible that he looked up individual user entries and copied data from them. The most sensitive user information we store is your email address (and your password if you didn't use a password unique to this site), which we never share with anyone else, but it's technically possible that the hacker got his hands on it. Unlike some of the other previous hacks we've dealt with, this one didn't seem to be motivated by profit or a desire to distribute spyware. I highly doubt anyone will start to get any spam to the address in their profile from this incident, but I felt it best to bring this issue to your attention in case something unusual does start to happen. Hopefully this is much-ado about nothing.
UPDATE: I've been informed that vBulletin encrypts the user passwords in it's database, so it's highly unlikely that anyone's passwords were compromised. Good news!