TwoPlusTwo forums hacked

World's largest poker forum, TwoPlusTwo, is currently closed as a result of a hacker who has displayed the ability to access e-mail addresses and encrypted passwords. 

The hacker might have the ability to decrypt the passwords and the site was closed as a precaution.

"For your security, we are closing the forums until the breach is patched.  Upon reopening the forums you will be forced to change your password – it is counterproductive to do so now", email from TwoPlusTwo tells.

Noah Stephens-Davidowitz, who is one of the moderators on the twoplustwo site, advices what the users should do now:

  1. Quit using the same password for lots of stuff (if you do). This will not be the last time that this happens. The huge problem with passwords is that the server has to store (some version of) them in order for them to be useful. (There are cool cryptographic ways around this, but that’s for another post, and nobody uses them yet.) When information exists, people get access to it–especially when it comes with a big sign on it that says “This information can be used to earn lots of money.” Password leaks happen really really often. Don’t put all your eggs in one basket because, when it comes to password security, baskets get stolen really frequently.
  2. Change the password on the e-mail that you use for 2p2 to something secure. While the hacker has no immediate access to this if you use a different password, a hacker with your e-mail address is a scary thing. E-mail addresses are really really important things to keep secure because a lot of accounts can be easily accessed through your e-mail address (e.g., your poker accounts). So, this is a nice time to remember basic password security, which means changing your passwords frequently (e.g., now) and using secure passwords. Again, see my previous post about secure passwords. If you’re not sure what e-mail you used for 2p2, you should have recently received an e-mail from or you will receive one shortly. The address that received this e-mail is the one whose password you should change.
  3. Change your other important passwords similarly. Again, see my previous post about secure passwords–It’s really not a hassle at all to have a secure password if you follow good advice instead of the standard stupid “Use lots gibberish with special characters and weird capitalization” advice.
  4. If you’re a high stakes player, a moderator, or otherwise someone whose account may have been interesting to the hacker, worry about what was in your PM box. If I were a hacker (and had fewer scruples) who had access to durrrr’s 2p2 password, for example, I would have downloaded his PMs. There’s some reason to believe that this hacker was familiar with 2p2 and the poker community, so it’s not too far-fetched to think that he may have had this idea. He had access to the forums for long enough to have downloaded a lot of PMs.
  5. Keep forgetting that 2p2′s down, opening it up, and then getting really pissed off. That’s not actually advice; it’s just what I’ve been doing.

TwoPlusTwo has not commented on how long the forums will be down.


Other Poker news

Leave a Reply

To post comments you need to Login or register your free HighstakesDB account.


No comments have been posted yet.