Security alert - please change your password

Dear all,
We have detected an intrusion on our server. The attackers were able to upload PHP files containing malicious code. We don't know exactly when this happened; the files could potentially have been uploaded a long time ago.

We don't know whether the attackers actually accessed our database, but they potentially could have, which means they could have accessed the data related to the forum users.

The forum platform we are using (http://phorum.org) stores passwords using MD5, which means passwords are encrypted but, especially if the password is a common word or a simple variation or combination of common words, it could be decrypted using an attack based on rainbow tables (https://en.wikipedia.org/wiki/Rainbow_table).

Your forum password could therefore potentially have been decrypted, and your forum account could have been accessed by someone else; please keep that in mind, especially if you have shared sensitive information using forum private messages.

I have personally re-written some of the Phorum code in order to implement a much more secure approach: passwords are now encrypted with a SALT, which makes it infeasible to use a rainbow table. In addition to other security measures we have put in place, our website (the main URL is now dadabik.com, with dadabik.org redirecting to dadabik.com) now uses HTTPS browsing by default.

Please log in to the forum and change your password: this is the only way to ensure your password will be stored using the new system. If you log in to the forum, the system will actually force you to change your password.
Please also consider changing your password for other services where you have used the same password you used for the forum.

I am very sorry for the inconvenience; we have worked hard to prevent the same problem from occurring in the future.

Best,
Eugenio Tacchini
DaDaBIK Founder
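
The difference between the old and the new password storage, and why the change only takes effect once you log in and pick a new password, shown as an added illustration (this is not Phorum's or DaDaBIK's actual code). The post does not say which salted algorithm is used, so PBKDF2-HMAC-SHA256, the record layout and all function names here are assumptions, and the small lookup dictionary is a constructed stand-in for a rainbow table.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 600_000  # assumed work factor; not stated in the post


def legacy_md5(password):
    """Old scheme described in the post: bare, unsalted MD5."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Assumed new scheme: random per-user salt plus a slow key-derivation function."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "hash": digest.hex()}


def verify(password, record):
    """Check a password against either an old or a new record, in constant time."""
    if record["scheme"] == "md5":
        candidate = legacy_md5(password)
    else:
        candidate = salted_hash(password, bytes.fromhex(record["salt"]))["hash"]
    return hmac.compare_digest(candidate, record["hash"])


def login(password, record):
    """Return (authenticated, must_change_password)."""
    ok = verify(password, record)
    # A record still in the old format can only be replaced once the user
    # supplies a password, hence the forced change at login.
    return ok, ok and record["scheme"] == "md5"


def table_hit(record):
    """Look the stored hash up in the precomputed table (None means no match)."""
    return PRECOMPUTED.get(record["hash"])


# Constructed sample data: two users who chose the same common password.
PRECOMPUTED = {legacy_md5(w): w for w in ("password", "letmein", "dragon")}
alice_old = {"scheme": "md5", "hash": legacy_md5("letmein")}
bob_old = {"scheme": "md5", "hash": legacy_md5("letmein")}
alice_new = salted_hash("letmein")  # record written after the forced change
bob_new = salted_hash("letmein")
```

With unsalted MD5 both users share one stored value and a single precomputed table covers every account; with a per-user salt the two records differ and the table no longer applies.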