Users Must Reset Passwords Following phpBB Forum Breach

Web Services

The open source Internet community phpBB.com is offline after an intrusion that might have exposed user data.

According to a stand-in message on the site’s homepage, attackers compromised several Web servers last weekend. They apparently broke in by stealing the credentials of a phpBB team member.

The hackers obtained access to information on users who registered an account on phpBB.com and area51.phpBB.com.

PHP is a programming language that helps run Facebook, among other websites.

Passwords were encrypted with a code that the organization said is difficult to crack. Still, users are being asked to change their passwords as a precaution.

The attackers contacted phpBB without any intimidating message. The intruders “claimed to have carried out the attack for fun,” SecurityWeek reports.

Individual phpBB installations are not affected by the breach. There is no evidence that forum download packages have been modified by the hackers.

"We will be rebuilding our systems from the ground up and verifying the integrity of all data prior to coming back online. This process will likely take several days," phpBB.com’s temporary homepage reads.