Dear All,
Firstly, this is one of those posts you never plan to do, but we feel it ss important to update everyone and protect as best we can.
We have sent notifications to all members who have been active in the last 6 months to notify them that they need to change their password because of a security leak due to a series of vulnerabilities in vB, some of which have been of a high severity over the past few months. We have been patching these, but as a high-traffic site there’s always an increased risk, and we want to protect all users and admins the best we can.
Whilst the vB passwords are salted and hashed, and are safely stored, we recommend users choose strong passwords, as these security methods are weakened by common, short, or simple passwords.
Please be vigilant against fake/phishing emails going forwards; we rarely email people on the forums and we would never ask for your username or password. If you are not sure if the email is genuine, please, of course, double check.
We wanted to be transparent with you - the only information which we believe the latest attack could have taken is email, IP, and salted/hashed password.
We want to apologise for any inconvenience caused, and we wanted to notify you as soon as information has come to light in order to protect you.
The forums are fully patched and secure per vBulletin’s guidelines, and we are keeping an eye on things.
Thanks
David