"80 000 user names and password hashes available for download by Thor on Sun 14 Oct 2007 00:47 EEST Permanent Link CERT-FI has published advisory 07/2007, informing the public that a file containing logon credentials of some 80 000 users, apparently most of them Finnish, is available on the net. (Here is a sanitized version.) Some passwords are even stored in plain text rather than as encrypted hashes, and are therefore ready for use, no cracking required. At least the following sites have reported their users (some or all) being on the list: Hilavitkutin.com Kiekkoliiga Rakkausrunot.fi Voitta.net Additionally, Erka Koivunen, head of CERT-FI, has been quoted mentioning MuroBBS as a typical service whose users have had their passwords exposed. Whether you are an end user or an administrator, take note of the epilogue:You'll hear more about us sooner than you think. So don't worry, if you weren't on the list, wait for the next release.A similar incident occurred a few weeks ago, when 100 user names and passwords belonging to governments and embassies were sniffed and posted. Don't be a victim - whether youre Finnish or not, change your password often. A good password - which obviously must not be a natural language word - is easy for you to remember, but impossible for another person to guess. If you run a web forum, social networking site, or similar service, here's more to do: Obtain the unredacted list, and check it against your user base, especially if you cater predominantly to Finnish users. If you can, replace passwords by a safer method, such as client certificates, or third party authentication. If you're stuck with password authentication, enforce safe passwords by means of system policies. Do not allow passwords to be transmitted in the clear. They should always be encrypted to an authenticated recipient (not to a "man in the middle"). Educate your users, and make sure they actually get it. If feasible, have them pass a test as a prerequisite to obtaining privileges. Have you been affected by the aforementioned lists, or by a similar security incident? How would you advise those at risk? Please post your comments!" * http://blog.anta.net/blog/_archives/2007/10/13/3288799.html i doubt this would happen to the purse forum it is not a bad idea to change your password sometimes. FOR FINNS: change your passwords (in finnish pages)! read that also irc-galleria, demi.fi and huuto.net got into the fire. some email accounts were also attacted. so please change your passwords!