Two Plus Two Forum Hacked and Temporarily Closed

Debi

Debi

Forum Admin
Administrator
Joined
Oct 13, 2006
Total posts
70,655
Awards
20
Looks like you all need to change your passwords there unless they were unique:

http://pokerfuse.com/news/media-and-software/all-usernames-passwords-on-22-considered-compromised/

At 2+2:

04/26/2012 2:13pm ET: Forums closed for maintenance
On April 26th at approximately 11:20 AM pacific time, the Two Plus Two Forums were closed as a result of a hacker who has displayed the ability to access e-mail addresses and encrypted passwords. He also indicated the ability to decrypt passwords.
While it is unclear the extent of data to which he gained access, e-mail addresses and passwords on the Two Plus Two forums should be considered compromised. If you have used your 2+2 password on any other site, you are advised to change it.
For your security we are closing the forums until the breach is patched.
We hope to be back up as soon as possible.
 
Four Dogs

Four Dogs

Legend
Joined
Apr 13, 2005
Total posts
4,274
Awards
1
They've actually been down all day. "I got closed for maintanance" message around noon ET.
 
Debi

Debi

Forum Admin
Administrator
Joined
Oct 13, 2006
Total posts
70,655
Awards
20
Hmm - that is longer than their message says.
 
Dreams of Tragedy

Dreams of Tragedy

dreamsoftragedy.com
Joined
Dec 30, 2009
Total posts
1,573
i just got the message, they say that they will be closed until the issue is fix......so they got alot of work to do to secure there site
 
WVHillbilly

WVHillbilly

Legend
Joined
Nov 7, 2007
Total posts
22,973
Folks who use the same username/password here/there/where ever should also change their passwords at all other forums. I changed mine here today as soon as I saw the message on 2+2.
 
LarkMarlow

LarkMarlow

Legend
Joined
Jun 26, 2009
Total posts
14,664
Folks who use the same username/password here/there/where ever should also change their passwords at all other forums. I changed mine here today as soon as I saw the message on 2+2.

What if we have the same username but uniquely different passwords for each of our other forums and poker sites? We should be OK then, right?
 
LarkMarlow

LarkMarlow

Legend
Joined
Jun 26, 2009
Total posts
14,664
^

Just reread the email they sent which answered my question. :)

Here's what it said:

Dear Two Plus Two Members,
On April 26th at approximately 11:20 AM pacific time, the Two Plus Two Forums were closed as a result of a hacker who has displayed the ability to access e-mail addresses and encrypted passwords. He also indicated the ability to decrypt passwords.
While it is unclear the extent of data to which he gained access, e-mail addresses and passwords on the Two Plus Two forums should be considered compromised. If you have used your 2+2 password on any other site, you are advised to change it.

For your security, we are closing the forums until the breach is patched. Upon reopening the forums you will be forced to change your password – it is counterproductive to do so now.

We hope to be back up as soon as possible.
Best,
Two Plus Two Interactive
 
Demonomania

Demonomania

Rock Star
Joined
Jan 27, 2012
Total posts
324
I noticed this through a PPA announcement on FB. Didn't consider changing my password (same as 2+2) here until you posted.

Thank you
 
mrmonkey

mrmonkey

Visionary
Joined
Sep 6, 2010
Total posts
680
It was really only a matter of time. If you think about the amount of money that is likely tied to people with poor security practices using the same login and password for their email or online banking transactions, you can see how lucrative it could be for a hacker to spend time on this. It's good they caught it and made the announcement, and it's good for all other players to spread the word.
 
Leo 50

Leo 50

Legend
Joined
Aug 14, 2007
Total posts
1,285
Awards
1
My PW is different on all the web sites I use.

It’s always safer that way
 
B

BlueNowhere

Legend
Joined
Sep 1, 2011
Total posts
4,234
It rules that my 2p2 account has a diff password to anything important and my 2p2 e-mail address is different to anything I use for important stuff.
 
Dorkus Malorkus

Dorkus Malorkus

HELLO INTERNET
Joined
Jul 12, 2005
Total posts
12,422
Yeah I just got the e-mail about this.

Simple rule of thumb - if an account is even vaguely important to you you should have a unique password for it. While I'm pretty sure that the hacker will be too busy trying to get into a lot of prolific 2p2 high-stakes ballas' accounts to bother with any of us, it's really just common sense to at the very least keep unique passwords.
 
Debi

Debi

Forum Admin
Administrator
Joined
Oct 13, 2006
Total posts
70,655
Awards
20
Have they ever opened back up? I can't get in now - the page just won't load.
 
R

RamdeeBen

Legend
Joined
Aug 9, 2010
Total posts
7,745
Me neither, it looks like all their servers are down.

Debs - Any chance you can manually reset my password on here because I can't remember mine and requesting password is not working.

If you can get a reset sent to my email, be grateful, thanks.,
 
Debi

Debi

Forum Admin
Administrator
Joined
Oct 13, 2006
Total posts
70,655
Awards
20
Yep - will send you a password reminder.
 
B

BlueNowhere

Legend
Joined
Sep 1, 2011
Total posts
4,234
I'm pretty sure stars will be aware of the situation atm and block any strange looking transfer attempts so even if he does get a HSP login details there won't be much he can do with it imo.
 
beardyian

beardyian

Scary Clown
Joined
Apr 3, 2005
Total posts
15,845
Awards
2
changed my p/w here - thought id change it to ....oops, almost told lol :D
 
Poof

Poof

Made in the USA
Joined
May 21, 2008
Total posts
14,419
I'm pretty sure stars will be aware of the situation atm and block any strange looking transfer attempts so even if he does get a HSP login details there won't be much he can do with it imo.

I don't think it works that way but I could be wrong....
As Dorkus said I think they will be going for the high rollers, but I changed mine, it is better to be safe than sorry.
 
B

BlueNowhere

Legend
Joined
Sep 1, 2011
Total posts
4,234
I don't think it works that way but I could be wrong....
As Dorkus said I think they will be going for the high rollers, but I changed mine, it is better to be safe than sorry.
Pretty sure at least some transfers go through stars before verification. Not sure of the exact rules but some high stakes players have tried to ship money for sidebets and stars questioned them as to why so he won't just be able to ship everyones funds to one account even if he did obtain access to accounts.
 
P

persistance

Rising Star
Joined
Apr 27, 2012
Total posts
21
2p2 going down was great, I would never have found cardschat otherwise tbh far too many egos on 2p2 imo anyway (but maybe if I was a highstakes winner, I'd have a different view?) anyway... It's good to be here
 
Top