StarDot Admin wrote:The forum database was compromised. The upshot of which is that the contents of the database user table was stolen, resulting in everyone's username, email address and hashed password being harvested.
On another forum (Atari-forum), the admin has discovered how bad Tapatalk is at abusing the phpBB software. TapaTalk extension breaks some fundamental phpBB API rules. So that admin has completely removed it.StarDot Admin wrote:The breach was a result of letting our underlying server software get out-of-date. We were three minor upgrades of the forum software behind, but I postponed the last forum upgrades because the underlying versions of PHP, the database and the operating system itself were all getting very old and would have broken the upgraded forum software. Unfortunately, the old version of the operating system we were running made it very hard to do an in-place upgrade of the OS. We've been well aware that a migration to a brand-new server was required, but due to the complexity of some of the sites we run that live on the same server as this forum, I have been putting it off. This breach - which was undoubtedly the result of an automated malicious software scan - is a result of that laziness, and I'll have to hold my hand up to it. :/
I don't know how up to date the phpBB software is here, but I thought it wise to let everyone know about these problems, so if actions are needed, they can be taken.