By RPS on January 20th, 2012 at 7:40 pm.
Hello there. It really sucks to be posting this, but this week the RPS forums were hacked. The hackers found a way into the server on the 14th Jan, and had access for five days. We only found out last night; that hole is now closed, and they’re gone.
However, it’s not entirely clear what they did when they were there. There is no evidence that they managed to get at user details, which are well hidden, but simultaneously there’s no absolute evidence that they didn’t. So at this point we have to assume the worst.
If they got to those files, they will have got people’s emails, usernames, and encrypted passwords. Those passwords were encrypted in such a way that our tech bods believe it will take them at least a month to crack. But it means that we *strongly* recommend that you not only change your password on the RPS forums/commenting registration, but if you use that password elsewhere, make sure you change it there too. In fact, we utterly strongly recommend that you never use the same password in two different places, for this very reason.
We’re tremendously sorry. We learned that there had been some sort of incursion yesterday evening – the tech people at Positive closed it off immediately, and have been sorting it out since, working out what they could have found. We learned the information reported above half an hour ago, and have told you as quickly as we can.
An RPS forum account and an RPS commenting account are two different things; again, we don’t yet know what, if anything, was accessed, but you should reset passwords for any RPS accounts you have, as soon as possible. We are emailing everyone who has an account with RPS to let them know, with the details given here.
Please head here to change your forum password:
And here to change your comments password:
Lovely subscribers/donors – any financial details you use for that are off-site entirely, so no need to worry on that front, but if you use(d) the same password on Paypal that you did/do for RPS, you should change that immediately.
We’re bitterly upset that we were targeted. RPS is a site that has constantly stood up against that which so many hackers claim to be fighting. Of course, we don’t yet know who did this or why.
And please accept our emphatic apologies that this has happened. We are doing our best to ensure this doesn’t happen again. Meantime, it’s business as usual on the site, in comments and on the forum. Thanks for your support, patience, loyalty and loveliness.