2+2, one of the poker community’s largest forums, has been the subject of a data breach which has resulted in user’s details being posted for sale.
According to forum user and English poker pro Max Silver, the site’s database was breached by hackers and the details of any account created before December 7, 2016, are vulnerable.
After posting the information on his Twitter page, Silver took to 2+2 to explain the situation in more detail.
Players Urged to Take Action
Although he hasn’t physically seen the database himself and can’t be “100 percent about the leak,” Silver trusts his source. As detailed in his forum post, Silver’s friend inquired about his details (we assume in the place where the database is for sale) and they were found in the leaked data.
Since discovering the security breach, an official thread has been started by 2+2 veteran, Thunderbolts. Following some investigations, it’s believed the hack took place on or before December 7, 2016, and the perpetrators managed to steal the following information:
Usernames
Passwords
Email addresses
IP addresses associated each account
Dates of birth
Possibly the password salt (a way of encrypting passwords)
As a matter of necessity, all 2+2 users are being asked to change their passwords immediately. Additionally, anyone with a forum account should change their passwords on other sites and enable two-factor authentication wherever possible.
A Serious Issue if Ignored
Although the extent of the damage caused by the hack might not be known for some time as it’s unclear how much of the database is out there for sale, this isn’t the first time 2+2 has been hacked. As reported by Noah Stephens-Davidowitz in 2012, the forum was taken down after the system was compromised.
However, on that occasion it wasn’t clear whether the vulnerability that allowed the hack to take place was still in place. With this in mind, Noah Stephens-Davidowitz urged forum users not to change their 2+2 password but to change it everywhere else.
This time around, one user has already suggested that he almost lost his bankroll as a result of the attack.
“In early December my PokerStars account was hacked into, password and registered email account modified. The hacker attempted to cash out all my funds but fortunately I was able to rescue them by quickly notifying Stars security (the cash out was not processed straight away),” wrote Mr. Invisible.
At this stage, the security team at 2+2 are looking into the issue and making the necessary fixes to ensure further breaches don’t occur. While that’s taking place, users are being asked to review the advice from Silver and post any further information they come across.