Security alert

Wednesday 16th January 2019

On 13th and 15th January 2019 two members of englishforum.ch reported receiving extortionist emails. These emails revealed their forum passwords written in clear text. The emails went on to threaten these users with blackmail and demanded payment via cryptocurrency.

In both cases the revealed passwords were old. This leads us to believe that a years-old copy of the membership database is circulating in the wild. Although passwords are not stored in clear text but as a salted double-MD5 hash, it is possible that some weaker passwords from that leaked copy of the database have recently been cracked.
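To make the point about "weaker passwords" concrete, the following Python example (added here; it is not the forum's code and uses constructed sample values, not anything from the membership database) implements the classic vBulletin salted double-MD5 scheme, which is assumed to be md5(md5(password) + salt), and contrasts it with a deliberately slow key-derivation function (scrypt, used as a stand-in for whatever a modern forum release uses). The salt stops precomputed tables, but because MD5 is fast, anyone holding the salt and hash can still test an enormous number of guesses per second against a short or common password; a slow KDF reduces that rate by orders of magnitude.

```python
import hashlib
import hmac
import os
import time

# Constructed sample values (not taken from any real database).
SAMPLE_SALT = "x7Kq2"          # short per-user salt, as classic vBulletin stores it (assumed format)
SAMPLE_PASSWORD = "sunshine1"  # deliberately weak example password


def vb_hash(password: str, salt: str) -> str:
    """Salted double-MD5 as used by classic vBulletin (assumed scheme):
    md5(md5(password) + salt). Salting makes each user's hash unique,
    but MD5 is fast, so guessing remains cheap for whoever holds the hash."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def vb_verify(password: str, salt: str, stored: str) -> bool:
    """Constant-time comparison of a login attempt against the stored hash."""
    return hmac.compare_digest(vb_hash(password, salt), stored)


def scrypt_hash(password: str, salt: bytes, n: int = 2 ** 14) -> bytes:
    """Memory-hard, tunable-cost alternative: one evaluation costs tens of
    milliseconds and ~16 MiB of RAM at n=2**14, r=8."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=8, p=1, dklen=32)


def scrypt_verify(password: str, salt: bytes, stored: bytes, n: int = 2 ** 14) -> bool:
    return hmac.compare_digest(scrypt_hash(password, salt, n), stored)


def guesses_per_slow_hash(n: int = 2 ** 14) -> int:
    """Measure how many double-MD5 evaluations fit into the wall-clock time of a
    single scrypt evaluation on this machine. The number is the factor by which
    the slow KDF reduces an offline guessing rate; it is large on any hardware."""
    salt = os.urandom(16)
    start = time.perf_counter()
    scrypt_hash(SAMPLE_PASSWORD, salt, n)
    slow_seconds = time.perf_counter() - start

    count = 0
    start = time.perf_counter()
    while time.perf_counter() - start < slow_seconds:
        vb_hash(SAMPLE_PASSWORD, SAMPLE_SALT)
        count += 1
    return count


if __name__ == "__main__":
    stored = vb_hash(SAMPLE_PASSWORD, SAMPLE_SALT)
    print("vBulletin-style hash:", stored)
    print("login with right password:", vb_verify(SAMPLE_PASSWORD, SAMPLE_SALT, stored))
    print("login with wrong password:", vb_verify("sunshine2", SAMPLE_SALT, stored))
    print("double-MD5 evaluations per one scrypt evaluation:", guesses_per_slow_hash())
```

Run it as a script to see the measured ratio on your own machine; the exact figure varies with hardware, but the conclusion does not. This is also why the advice to use a unique password per site matters: a password recovered from one fast-hashed database works unchanged anywhere it was reused, regardless of how well the other site stores it.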

If you receive such an extortion email, DO NOT pay the ransom.

Instead, change your password. And if you used the same password on any other site, change it there too. It is best practice to use a unique password for each site. Change password now: https://www.englishforum.ch/profile.php?do=editpassword

All members are being emailed this security alert and urged to change their passwords. Accounts with unchanged passwords will be locked. Furthermore, all dormant accounts are being permanently deleted. A dormant account is defined as one which has not logged in for over a year and has never made a public post to the forum.

We have also submitted a "cross-border data breach notification" to the relevant GDPR authority, which in our case is "Datainspektion" in Sweden. We are currently working on upgrading our vBulletin forum software to the latest version. Although we don't know of any security hole in our server, the upgraded vBulletin version should close any unknown holes.

If you prefer to delete your account, please send a brief request to security@englishforum.ch. Your account and all personal data will be permanently deleted. Public posts of deleted accounts will remain online, but labelled as authored by "Guest". For other enquiries relating to data privacy and security on English Forum Switzerland, feel free to also email us at that address.

The timing of this incident suggests it might be related to the "breach of breaches" that was recently in the news. See the Wired article: An astonishing 773 million records exposed in monster breach. From that article: "The breach claims to aggregate over 2,000 leaked databases that contain passwords whose protective hashing has been cracked. It looks like a completely random collection of sites purely to maximize the number of credentials available to hackers. There's no obvious patterns, just maximum exposure."

To our knowledge no other websites belonging to The Local have been affected.

For further information and commentary, see the discussion forum: English Forum security breach?

This page last updated: 08:30 hrs Tuesday 22nd January 2019