Whirlpool, Overclockers in security scares
update Both broadband discussion forum Whirlpool as well as computer hardware market and forum Overclockers AU appear to have had their security compromised over the weekend.
On Saturday, Overclockers founder James Rolfe said that he'd become aware of strange activity. "Unfortunately last night I became aware of a possible security issue on one of our servers and noticed some unusual activity," he said on the site. "I am investigating it in more detail and will be working with the vendor of our forum software and quite possibly the police to determine what has actually occurred."
He said the issue wasn't likely serious, but that users might want to change their forum password.
Whirlpool founder Simon Wright put out a similar message on Sunday. "Unfortunately, Whirlpool has become aware of a security issue with the site that occurred over the weekend. Due to thorough logging procedures, we're confident that we're aware of all malicious actions, and we have used this information to lock down the system and disabled a small number of accounts likely to have been compromised," he said.
He recommended that users change their password. He considered that the incident might be related to the Overclockers problem and said that he was asking Rolfe about the possibility.
Wright seemed exasperated about the response of the community to his post. "Everyone please just calm down, you're treating this as a much bigger deal than what it really is. I can't discuss the issue much now as we're still collating information, but I can assure you that our suggestion that you change your password was only a precaution," he said.
"There's only so much we can tell you right now, and there's only so much we can ever tell you without compromising security in the future. Nobody should doubt that we take the security of Whirlpool (and therefore its data) seriously; but we advise against relying upon it for matters of greater importance."
Whirlpool was the victim of another attack two years ago which also required passwords to be changed. Wright said then that the intruder was identified, the extent of the intrusion documented and legal processes had been started to make sure the intruder wouldn't hit Whirlpool again.
Wright and Rolfe declined to comment.