This sounds like a b-story on the hacking drama Mr. Robot. The most popular forum in the entire gambling universe, 2+2 or twoplustwo, was hacked. Apparently, the data is being held for ransom. In a site-wide correspondence, the security team suggests that the user database was compromised sometime over the weekend. The information obtained in this hack includes your username, email address, encrypted passwords, birth date, and your IP address.
The management at 2+2 strongly encouraged all of their members to change their passwords on 2+2. This hack does not affect anyone who registered with 2+2 after November 20, 2016. But if you're an old-school user like myself, you might want to follow the instructions below to help secure your info. You should also change your passwords on sites that you also use the same password as 2+2. Consider using something like Password Manager to help you store and create unique passwords.
This communique was originally posted on 2+2 on Sunday night. This is a copy of the email that we received at Club Poker HQ in Paris….
Dear member of the Two Plus Two Forums:
On January 8 we learned that the user database at http://forumserver.twoplustwo.com had been compromised. We cannot find any evidence that accounts created after approximately November 20 have been compromised (we fixed a problem that day) but as a registered users you should assume that if you've been a member of the forums since before that date that the information necessary to determine your (unchanged) password is out there. Information obtained includes username, email, encrypted password, birthdate, and IP address.
The people "selling" the database claim a December 7 date, but we believe this to be wrong.
We are asking all users to reset their password if it hasn't changed in the last 45 days. You will be prompted to do so the next time you login to the forums. In addition we will shortly be invalidating the passwords of accounts that have not been active for some time. The users of those accounts will need to follow the forgotten password link to reset their password.
A user suggested that the following actions are incredibly important, and we agree:
1) Change your Password on 2+2
2) Change ALL other passwords that are the same or similar
3) Start using unique passwords for every site, these breaches are so common. I'd recommend a password manager like lastpass
4) enable 2 factor authentication on any vital accounts/emails
5) Take extra precautions to verify identity when trading via 2+2 (or any other site) via separate means
The Two Plus Two Management