The world’s biggest poker forum, TwoPlusTwo, has been hacked, with the personal data of over 400,000 members stolen and the potential for passwords to be decoded.
Earlier today, management from the forum sent an email to all members warning them of a security violation discovered Sunday, 8 Jan.
News of the breach first hit the digital airwaves after UK poker pro, Max Silver, was made aware that someone was trying to sell the database, including usernames, email addresses, IP addresses, birthday, last login date, registered date and password hash.
Silver contacted TwoPlusTwo moderators and tweeted about the breach, including a five-step plan to mitigate personal harm:
1. Change your password on 2+2
2. Change ALL other passwords that are the same or similar.
3. Start using unique passwords for every site.
4. Enable two-factor authentication on any vital accounts/emails.
5. Consider using a password management system like LastPass.
6. Take extra precaution to verify identities when trading via 2+2.
The last one is of particular importance, as TwoPlusTwo continues to be a hive of interest when it comes to buying/selling/swapping action between members, which would allow the thief to impersonate a TwoPlusTwo member for financial gain.
Silver’s tweet also indicated that accounts created before 7th December 2016 had been compromised. The email issued by the TwoPlusTwo team states that accounts opened before Nov 20 had been compromised.
TwoPlusTwo administrator, Mat Sklansky, reported that the most recent hack is under investigation and they will provide more information when it surfaces. The email sent to what PokerNewsReport believe to be over 400,000 members suggests that the attackers have a ‘reasonable chance’ of decoding passwords.
Members trying to access the site to change passwords in the wake of the news were greeted with a pop-up suggesting the same. TwoPlusTwo administrator, Chuck Weinstock, has confirmed the pop-up is legitimate and not part of a scam created by the hackers.
It’s not the first time TwoPlusTwo has had a security breach. Back in April 2012, TwoPlusTwo were forced to close the site down after hackers gained access to email addresses and encrypted passwords.