Late last night, just as I was getting ready to go to bed I had one last check of my emails. Amongst the pointless rubbish that usually lands in my inbox at 23:00 on a Thursday night was an email entitled "Two Plus Two Forum Outage," which in itself was unusual because in all my time as a member there I do not recall ever receiving an email to tell me the site was down or scheduled to be down.
When I opened the email this is what greeted me:
Dear Two Plus Two Members,
On April 26th at approximately 11:20 AM pacific time, the Two Plus Two Forums were closed as a result of a hacker who has displayed the ability to access e-mail addresses and encrypted passwords. He also indicated the ability to decrypt passwords.
While it is unclear the extent of data to which he gained access, e-mail addresses and passwords on the Two Plus Two forums should be considered compromised. If you have used your 2+2 password on any other site, you are advised to change it.
For your security, we are closing the forums until the breach is patched. Upon reopening the forums you will be forced to change your password - it is counterproductive to do so now.
We hope to be back up as soon as possible.
Two Plus Two Interactive
Like many other Two Plus Two members I use the same password for a whole host of sites, or at least I used to do. As my online poker site and bank both have RSA tokens attached to them I was not overly worried and did not change the password associated with these accounts until this morning. But if you use the same email / password combination for any other site that you use for the Two Plus Two forums then you must change your passwords immediately because there is a significant chance that the hacker has all of your details to hand.
Attempting to visit the Two Plus Two site now just gives you an error message because the administrative team have completely taken it offline until they can fix the vulnerability exploited by the hacker. Fingers crossed it is only people's Two Plus Two accounts that become compromised and that this serves as a warning for those of use who are a little lazy with internet security and the creation of unique passwords.
Follow PokerNews on Twitter for up-to-the-minute news.