[Sam Granger]

Usernames, e-mails and passwords of hundreds of thousands of accounts leaked on the Internet

The project website of one of the most popular open source bulletin boards, phpBB, has suffered a major security breach that has resulted in the exposure of 400,000 e-mail addresses. A hacker has obtained access to both the forum and mailing list databases by exploiting an unpatched vulnerability in the PHPlist newsletter software.

http://news.softpedi...ed-103772.shtml

They are talking about phpBB website but its about the mailing list, so if you are running phpbb watch out for some upgrades.

[Diffraction]

Yeah, I heard about this earlier.

The hacker apparently started a blog here:

http://hackedphpbb.b...ace-holder.html

Stupid script kiddie

[styyls]

Who gains from this? Who loses from this? Those are the two biggest questions and the answers are obvious. This kid has no sense.

I feel bad for him when he goes to prison, with people who've murdered. I'm sure they're going to get a kick out of his crime, but he won't be laughing then.

[Jamie]

He wouldn't last here for 10 minutes, he'd get a warning from me every two minutes what with that poor grammar of his.

[Salathe]

It just goes to show how using software written without best practices can open up a can of worms. At least going public will raise awareness of this particular issue.

[Gaz]

Can't say I'm surprised: hasn't phpBB always been thought of as hacker-prone?

[Diffraction]

It was NOT PHPBB that had the vulnerability, it was PHPList a mailing list software they were using.

[Will Roberts]

Clever kid but annoying to say the least.

[thinglie]

phpBB 3 is very secure compared with phpBB2. I would actually use that to set up a web forum instead of writing my own now. It's still got a pooey admin compared to IPB's, but you shouldn't have to use an Admin CP too often anyway.