The Straight Dope, the popular online question and answer newspaper column, is advising users of its forum to change their passwords because the information might have been compromised in a recent attack targeted at the bulletin board.
The company has posted a notice on its forum, but provides little details. The breach was apparently discovered by its security team, but it’s uncertain when and for how long the attackers had access to their systems.
What they do reveal is that the cybercriminals accessed usernames, email addresses and passwords. Social security numbers and payment card information is not collected, so such data hasn’t been compromised.
The passwords are encrypted, but The Straight Dope can’t guarantee that they can’t be cracked through a brute force attack. It’s uncertain what type of encryption has been used. The only information we have is that the passwords are “protected using hashing.”
“Thus if your password isn’t very complex, the hacker could use brute force to figure out your password by trying lots of combinations,” The Straight Dope editor Ed Zotti noted.
This leads us to believe that they’re using MD5 or something similar.
In any case, users are advised to change their passwords, not only for The Straight Dope forum, but for all online accounts if the same one has been utilized for multiple services.
In addition, impacted customers are advised to visit a page about how to protect themselves against identity theft.
The Straight Dope says that it has launched an internal investigation, but they’re also working with law enforcement to get to the bottom of it.
“In addition, we are taking several steps to prevent unauthorized access to our systems to protect your information,” Zotti added.