TwoPlusTwo Posting Forum Hacked, Information Compromised

Written by:
Published on:

The popular posting forum, which is among the most read by poker players, has been compromised according to the site operators.

The following notice was sent out to members of the forum following this past weekend’s hacking.

Dear member of the Two Plus Two Forums:

On January 8 we learned that the user database at had been compromised. We cannot find any evidence that accounts created after approximately November 20 have been compromised (we fixed a problem that day) but as a registered users you should assume that if you've been a member of the forums since before that date that the information necessary to determine your (unchanged) password is out there. Information obtained includes username, email, encrypted password, birthdate, and IP address.

The people "selling" the database claim a December 7 date, but we believe this to be wrong.

We are asking all users to reset their password if it hasn't changed in the last 45 days. You will be prompted to do so the next time you login to the forums. In addition we will shortly be invalidating the passwords of accounts that have not been active for some time. The users of those accounts will need to follow the forgotten password link to reset their password.

A user suggested that the following actions are incredibly important, and we agree:

1) Change your Password on 2+2

2) Change ALL other passwords that are the same or similair

3) Start using unique passwords for every site, these breaches are so common. I'd recommend a password manager like lastpass

4) enable 2 factor authentication on any vital accounts/emails

5) Take extra precautions to verify identity when trading via 2+2 (or any other site) via separate means


The Two Plus Two Management

While certainly popular, the forum platform itself is viewed by many in the Web world as “prehistoric” and vulnerable to cyber attacks.

- Nagesh Rath,