hacKeD??

Okay, it's a good thing to find weaknesses so they can be fixed. But it could lead to a lot of visitor loss for a website. Isn't it better to discuss these sort of things directly with the admin instead of posting it here?

I think users should know that their data has been in other hands. But shouldn't the admin of the site get a chance to break the news?

I for one am happy that this happened if that means the site will be safe from this kind of stuff in the future and nothing harmful has been done.

Or is this some hoax? How come no one has responded to this yet?

I'm on it.

I contacted the guy, will let you guys know once I have more info.

Oh dear now i must change my 7 years old password

WetWildWendy.com

So, that's our hacker guy right here (pointing to the post above)

To update:

We exchanged a couple of emails. What he said pretty much confirmed what I was able to discover from my logs:

- only the forum user data was dumped, site accounts and other data weren't downloaded at all (and even if they were, they have stronger protection than the forum accounts)
- forum user passwords are crackable (even though they ain't plaintext) so you should change 'em
- the flaw that allowed for the attack was what I thought it was and is fixed. That doesn't mean we're safe forever, and I'll try and find other similarly vulnerable points on the site in the coming days.

Basically, the guy who attacked us ain't evil, and we're a bit safer after this. Change your passwords, but you have to do it anyway, so it's a good excuse

I only changed my 3 months ago.  Oh well.
I don't even know what my password is.  I do know its a randomly generated 32 character one. 

I thought so too, until my e-mail account started sending spam everywhere.

Now I use 4 passwords, 1 for not important websites, 1 for fishy websites, 1 for important ones and a variation of 1 for paypal, online banking etc.

I use 1Password, its a paid for app, but does the same thing
So much better

So it's possible that someone (a "hacker") could log in as me....Gargamel, and change my favourite shows to reality tv trash and Honey Boo-Boo, that's diabolical!!!!!

If i was logged in as you i would only change your avatar to Gargamel of the tv show The Smurfs .

Thing I don't get is why people still use the term "password", I've had 'pass phrases' for years, and it changes with every single site I'm a member of...

One of the best things I've seen for secured 'passwords' its to have it in three sections (obviously some sites don't allow a part of this which is annoying)

1) A few words culminating in a short sentence, using upper and lower case alpha numeric symbols, something meaningful to you.
2) A forward slash, hyphen or other dividing character (supported by the site you're on that is).
3) A site specific suffix (never reused anywhere else), mix upper and lower case letters and use numbers here too.

So you end up with something like;

Cr33persRea11yL0veM3/MC

If this were a real password I'd have used it for a mojang account for example... change the /MC to /hml for hotmail for example and so on...

Using this style of password I've never had a hijacked account... Just a thought for people who may be wanting to change passwords regarding this.