We have some unfortunate news to pass along. Yesterday we were informed by our server team that the server hosting thebuddyforum.com was compromised and the website's database was accessed. Here are the facts: - The exploit used has been identified and resolved. The server has been further hardened and extra "just in case" actions have been taken and will continue to be taken. - All code that resides in the database and the file system has been thoroughly reviewed for malicious edits and uploads. Here is what we think they took: - Email addresses and passwords used to register on thebuddyforum.com - Usernames and passwords used to operate Honorbuddy and Gatherbuddy prior to July 19 2011 Were the passwords encrypted? - Passwords used on thebuddyforum.com are double md-5 encrypted and salted. It is most unlikely that they can be read. - Prior to July 19 2011, our bots used usernames and passwords. Those passwords were MD5 encrypted but not salted. Ones with less than 8 characters have a serious risk of being decrypted. What will we do next? - We will send a message to every email address that could have been harvested with a copy of this post. - Over the next 2 weeks, we will contact everyone who bought prior to July 19 2011 and they will be moved from using a username/password combination to using the login key system. Here is what you need to do: - Go to Lost Password Recovery Form - Home of the Buddy Bots - Honorbuddy, Gatherbuddy, Demonbuddy, Buddy Wing, Tankleader and change your forum password. - If you have used the same password for your email account and thebuddyforum.com, change your email password right now. - If you have used the same email address and same password for your battle.net account and for thebuddyforum.com, change your battle.net password right now. No website wants to make an announcement like this. I assure you we, as the Buddy Team, can not apologize profusely enough. Our websites come under attack all time time - and until now the bad guys did not make it in. Unfortunately for us, yesterday was our time. We have been attacked before but never breached, and please know we are going to continue to do everything in our power to ensure it doesn't happen again.
