TWOPLUSTWO Database Hacked

twoplustwo hacked

The user database at forumserver.twoplustwo.com was hacked on the 8th of January, according to an email from the management team of the website. The email was sent to the users on the following day.

User accounts created before the 20th of November should assume that confidential information such as their username, email, encrypted password, IP address, and birthdate may have been obtained.

The company recommends that its users change any password that has not been altered in the last 45 days. Users will be asked to do so the next time they log in otherwise. Inactive accounts will have their passwords reset and will be required to follow the ‘forgot password’ link in order to reset it.

Here is a set of instructions TwoPlusTwo detailed in its recent email,

  • Change your password on 2+2.
  • Change all other passwords that are same or similar
  • Begin using unique passwords for every site.
  • Enable 2-factor authentication on any vital accounts.
  • Take extra precaution to verify identity when trading via 2+2(or any other site) via separate means

Coincidentally, TwoPlusTwo had its forum section hacked in April 2012. The company’s security was breached which compromised users’ personal information and terminated the site.

This is the text statement posted on the site after the forums went offline to handle the issue,

“On April 26th at approximately 11:20 AM pacific time, the Two Plus Two Forums were closed as a result of a hacker who has displayed the ability to access e-mail addresses and encrypted passwords. He also indicated the ability to decrypt passwords. While it is unclear the extent of data to which he gained access, email addresses and passwords on the Two Plus Two forums should be considered compromised. If you have used your 2+2 password on any other site, you are advised to change it. For your security, we are closing the forums until the breach is patched. We hope to be back up as soon as possible.”