Popular IRC service UKChatterbox is advising users to change their passwords following a series of hacks which culminated in an attack that may have compromised user details. The password reset follows on from a succession of outages – previously attributed to maintenance upgrades – dating back to the start of the summer. In a …
Some clarification on UKChatterbox
Quote: "Although one user accused UKChatterbox of a succession of basic security errors and subsequent cover-ups, we have a lot of sympathy for the site. Running an IRC channel – which often becomes a magnet for flame wars, hack attacks and squabbles"
I, being that "one user" being referenced, used to be staff on the service. Firstly, UKChatterbox is not your average IRC network, so flame wars, net/irc wars aren't an issue. They don't describe themselves as an IRC net, they're a "web-chat service", they are the largest "web-chat" service of it's sort in the UK with over 2 million users, over 2 thousand on-site at any time.
The security errors have been acknowledged, they range from mysql injections which allowed access to the user database (the reason for the password resets), through to other human-errors on their staffs part with regards to the complexity of passwords and password reset procedures.
Until the "password reset announcement" they hadn't once admitted or acknowledged any of the activities to it's users/chatters for two months, but communication in-house did mention them. What the users got was numerous notices about server/hardware failure, maintenance and upgrades.
So whilst I don't wish to inflame the situation (apparently some of the staff have taken this very personally), the reason for the forced password resets and the accompanying recommendations on email security is that multiple tables in the database have been accessed, with plaintext passwords in-use, over 90% of users use the same passwords on multiple sites.
- Product round-up Six of the best gaming keyboard and mouse combos
- LinuxCon 2014 GitHub.io killed the distro star: Why are people so bored with the top Linux makers?
- Boffins attempt to prove the UNIVERSE IS JUST A HOLOGRAM
- China building SUPERSONIC SUBMARINE that travels in a BUBBLE
- Review Raspberry Pi B+: PHWOAR, get a load of those pins