Change Your Password!

[Skemcin]

This should go without saying, but follow these steps:a.) change your passwordb.) go to any other site where you might use the same username and password combination and change your passwordc.) google your username, and try to access any protected site that may be associated with your search result - change your passwordd.) when logging into other site where you use the same username and password combination, reduce or remove personal information and use consistent information - ie. a free email service accountIf this is your first time being hacked - you MUST follow these steps to protect yourself. If you've been hacked before, then this should (as I mentioned) goes without saying.If anyone else has anything else to add - please feel free to chime in. This will be a sticky until August 15 - take note.NOTE: once a target always a target - we are not out of the water (in my eyes)Did I mention?CHANGE YOUR PASSWORD

[boen_robot]

It wasn't us who were hacked for us to change the passwords. IPB uses password encryption so even if the hackers got aload of the SQL database, they wouldn't know the passwords unless they really wanted to hack into some member's account after looong decryption.Besides, as far as I understood from aspnetguy's forum, the flaw they used to hack the forum is about the forgotten password thing. It allowed them to create their own passwords without knowing the password of the admin's account, allowing themselves admin access to the forum. But even with this admin rights, they are not allowed to view passwords. They are allowed to change account passwords without notifications, thus blocking them, but even then, they don't know our old ones.Nevertheless, it's good to change passwords if you could. What I'm saying is that it's not needed in this case.

[Skemcin]

As a moderator, I feel oblidged to advise members appropriate steps to protect themselves. It, obviously, is up to each individual to decide what they want to do.Personally, I'd rather error on the side of safety from my experience.

[aspnetguy]

Just to note I have found more listed exploits on their site. So it is unclear which one they used, although most were just variations of cookie spoofing, changing passwords would be a good idea just in case.