Hackers, Extortion Threats Shut Down Game Site; PHPBB Forum Software to Blame

[mandy]

White Wolf Publishing Inc., a company responsible for some of the most popular role-playing game brands, has shut down operations after international hackers exploited a software flaw and stole user data that included user names, e-mail addresses and encrypted passwords.

Following the breach, the company...said the hackers attempted to extort money by threatening to post the potentially sensitive user data on the Internet.

Although Web site breaches and data theft are commonplace, security researchers say the brazen extortion attempt against White Wolf confirms earlier fears that attacks against small businesses sites are being done by well-organized international crime groups.

...fans of the site said the breach likely occurred via flaws in the PHPBB software used by White Wolf.

full article: http://www.eweek.com/article2/0,1895,1903020,00.asp

Why do sites put themselves at risk by using phpbb for their forums?  :

[rose]

companies that collect sensitive data from customers have a responsibility to find and patch software flaws that are exploited by hackers.

The phpBB Santy exploit was published last December. Why didn't these boinktards take the hacking of 40,000 other boards seriously and install the patches?  :

[bargainbloodhound]

[quote author=rose link=topic=1783.msg6251#msg6251 date=1134925589]

companies that collect sensitive data from customers have a responsibility to find and patch software flaws that are exploited by hackers.

The phpBB Santy exploit was published last December. Why didn't these boinktards take the hacking of 40,000 other boards seriously and install the patches?  :
[/quote]

They probably didn't take it seriously because they don't realize that many of the scripts in cPanel/Plesk/Fantastico, (which I'm sure they used to install the board) aren't the current version and might contain security holes.

"They are picking on the smaller businesses that are less likely to defend themselves.

With millions of small business web sites with poor security (and little knowledge of how to make their sites secure), I can see hackers increasing their attacks.

Hosting companies really need to step up their efforts to provide better security for their shared hosting clients since the hosts are the only ones who have root access and can monitor all incoming/outgoing traffic from their servers and networks...and hosts could also improve security by not pushing things like Fantastico, etc that many times create a security problem:   ease of installation is not worth the risk of giving a hacker an opening