We have discovered that someone has been able to compromise the forums on CFD Online. Our forum user-database was most likely stolen and this database contained encrypted forum passwords (the stored passwords were both hashed and salted before stored, but the random salt was also available in the user-database). The hash algorithm used is fairly reliable, and was used twice with the random salt, but there has been reports of possible weaknesses, so someone might be able to decrypt the passwords. Hence, we ask everyone to please change your passwords.
All registered users should have received an email asking you to please change your password in the forums. If you remember your password you can do this in the User Panel > Edit Email and Password section here:
https://www.cfd-online.com/Forums/pr...o=editpassword. If you have forgotten your password you can request a new one to be set and emailed to you at
https://www.cfd-online.com/Forums/login.php?do=lostpw
In addition to the stolen user-database the intruder was also able to install his own Google AdSense advertisements in the forum threads. These ads were quite annoying and were not visible for administrators or moderators, so it took some time for us to discover them. This also happened in the middle of our vacation time. These annoying ads were available from July 28 until August 21.
If you have any questions or comments about this please do not hesitate to contact us at
webmaster@cfd-online.com.
We are very sorry about this incident and would like to sincerely apologize to all of our fantastic users.