Security Update

[peter]

It is with regret that the Blue Room have to announce that between 7th and 18th of November 2012, our server was compromised. Due to an exploit in the Invision Power Board software that we use, unauthorised access was provided to the back-end database that runs the forum. Although this exploit has now been fixed, there is a chance that members details (in particular email addresses and other profile data) could have been obtained maliciously. Although we have no evidence to suggest this happened, we do advise all members to monitor their emails, and change their passwords on a regular basis. Whilst we store passwords in an encrypted format, brute force attacks have been shown to crack this encryption, so if you use the same username and password on the Blue Room as on other sites, it is advised that you change those passwords accordingly, as a precautionary measure. As a reminder, one of the best ways to protect yourself online is to follow password best practices and use different login credentials across different websites and services. The Blue Room does not store any sensitive data (payment details, private addresses, etc) within our database, but we take your data security very seriously.

 

A software patch has now been applied to the forum to prevent this sort of attack in future.

 

If you notice any odd behaviour, or feel that your data may have been compromised in other ways, please contact the admin team via email (admin@blue-room.org.uk).