[Mark]

Hi all,

Firstly thanks for being patient yesterday with the site going down. We found out what was wrong fairly quickly, but what took time was sorting out all the logs and tracking down who to report this to. For now we have just upgraded to a newer version of the forum software for a few days, which should be secure for you to use until we decide whether we are going to stay here or use a different board. There's only 1 week of BB left, so we will decide after final night evictions.

So for this last week, features we added such as Karma won't be working. We thought it was important to get a working version of the forum back online so people can keep posting, than keep it down while we are deciding what to do next.

The database was viewable for about an hour, and as such email addresses, encrypted passwords and U2Us were viewable for this time. At this time we aren't releasing too much information on who the people were until we hear back from some places, but it was a few people from another website, and then 1 new TiBB member who had access. The passwords are encrypted with MD5, which is a one way process of encrypting your password. So whoever saw the passwords would see something such as 554y3g5bf9108cd896f33c44aedc. As some people are likely to have had bad passwords security wise, or used the same password for other things, this is what I recommend:

==================
If you had a secure password, eg. vpj48oju3 or blt34hhx and this password was only used on ThisisBigBrother.com, there's not much to worry about. I'd strongly advise changing your password on TiBB though to something else that is unique.

==================
If you had a password which isn't complicated, eg. Villa, Australia, and this password was used on TiBB only, it's not the worst case scenario. At worst, if your password was found out people would only gain access to your TiBB account, and a mod or admin would sort it out fairly quick. You MUST change your password however, to make sure you are safe.

==================
If you had a secure password, eg. adb389hfs or 309fdnoaa, but you used the same password on other websites, the fact that the password is a random string will be enough to make sure your password isn't findable. You should definitely change your passwords so that your TiBB one is unique and different to other websites.

==================
If your password isn't very compliated, eg. apple, xfactor, and this password was used on other websites, this is where our main concern is. MD5 encryption is a one-way process of changing your password into a series of letters and numbers, however a lot of the 'more common' words are available on the internet. You should IMMEDIATLY change your TiBB password to a combination of letters and numbers, and for security change the password on the other accounts you had linked with that password. Just make sure your email password is unique, and not something anyone could ever guess.



A few people emailed me yesterday and said they use the same password for a few sites, and couldn't remember their TiBB one and could I email it to them. The answer here is no! The passwords are stored as as random letters and numbers and we aren't able to tell what they are. For security, just after you have read this change your TiBB password immediatly, and any other e-mail accounts associated which you think might have a weak password on.

If any of you are locked out your forum account and are reading this, please either use the password request feature or send me an email mark AT thisisbigbrother . com, but only send an email from the email address registered to your account, or I'll assume it's not genuine and won't reply.

For now, I can only say that we are sorry for all this aggro. Unfortunatly no amount of apologising can take what has happened back, so all we can do is work on making the site more secure - which is currently our top priority. Please make sure you change your passwords right now, and you can get back to posting as normal! Also incsase this were to ever happen again, please make sure you don't keep any personal information in your U2U's such as your home address or phone number. As I mentioned before, a few of the features which James and I have added in the past aren't available for a bit, but they'll be making a comeback soon.

If you have any questions, you can ask us in this thread, or if it's more private just send us a U2U.

[Barbie]

I have a U2U from myself, is it safe to read? just seems weird.. or am i safer to delete it?

it says i have 7 U2U's but there is only one post in there that is unread and that apparently is from me

[Nicky.]

The whole site is completely weird for me!

It says I have 7 U2U's, and there is non

and the posts on the side have gone, and avs and sigs are gone :S

[Nicky.]

Hold that thought, my banner and sig have magically appeared, it's the [ b ] stuff in the personal message and shizz?

[Mark]

[rquote=2497654&tid=144192&author=Nicky.]The whole site is completely weird for me!

It says I have 7 U2U's, and there is non

and the posts on the side have gone, and avs and sigs are gone :S[/rquote]

I said some stuff was missing in my post

It'll be back in a day or two..

Will fix the problems with U2U's also, just ignore them for now.

[Barbie]

[rquote=2497654&tid=144192&author=Nicky.]The whole site is completely weird for me!

It says I have 7 U2U's, and there is non

and the posts on the side have gone, and avs and sigs are gone :S[/rquote]

i found all 7 U2U's and they are dotted around my U2U messages with dates back in 07, seems strange

[Nicky.]

Ohh, I will scan back! Ta!

Also, where are the icons and stuff? and how come the post counts are the actual count? Xx

[Mark]

[rquote=2497662&tid=144192&author=Nicky.]Ohh, I will scan back! Ta!

Also, where are the icons and stuff? and how come the post counts are the actual count? Xx [/rquote]

Because stuff hasn't been added back yet!

[King Gizzard]

cheers marc, missed this site lol

Clue:

The post count of the member who shares the same name as a UK city 256 miles from Torquay

[James]

Yeah, this is a more basic version of the forum which we have had to install for now.

Most of the changes we've done over the last few years will have to be redone...

Here is a partial list of what has gone...

bbcode custom statuses
spoiler mod
youttube
forum icons
forum categories
sidebar
cellover effect
custom themes
award system
ignore
rss feed
avatar upload / gallery
fav housemates
karma

[Novo]

[Barbie]

at least its back!

[Nicky.]

Haha ok! I will shush now!

Gutted about the karma!

Took me like, almost 2 years! Xx

[Tom]

We know it isn't your fault anyway but say my password is the same here as an email address where there is no trace of it on the forum is it still affected? Like the one I registered with I couldn't give a sh*t about, but is my proper one at any kind of very low risk (which isn't even on the site in any way shape or form)? As well as that, what about other websites that again aren't listed on here?

[Chri$]

I really love the new thread icons.

I have 112 New U2U's lol

I am looking forward to the custom status thing to come back. < I love that smiley!

[arista]

Has the
Hide the banner control gone?

[Mark]

[rquote=2497702&tid=144192&author=Tom]We know it isn't your fault anyway but say my password is the same here as an email address where there is no trace of it on the forum is it still affected? Like the one I registered with I couldn't give a sh*t about, but is my proper one at any kind of very low risk (which isn't even on the site in any way shape or form)? As well as that, what about other websites that again aren't listed on here? [/rquote]

Not if there's any trace of it to this forum nope. I'd think about changing it anyway just to be safe when you get the chance.

[Lauren]

Tom unless it's the email address you signed up here with, it won't be affected. However; when you signed up for the email address you couldn't give a **** about - you may have entered an "alternate email address" (whereby if you lose your password it's sent there) - if you set it up with an alternate email address - change all of your passwords.

(At least, that's what I think - James or Mark may say otherwise).

[Tom]

Ah thats good then, thanks I change them every now and again anyway so its not a problem really

[Locke.]

I can't read my 46 new u2u's

[James]

[rquote=2497702&tid=144192&author=Tom]We know it isn't your fault anyway but say my password is the same here as an email address where there is no trace of it on the forum is it still affected? Like the one I registered with I couldn't give a sh*t about, but is my proper one at any kind of very low risk (which isn't even on the site in any way shape or form)? As well as that, what about other websites that again aren't listed on here? [/rquote]

No, it is only the one you have registered here that is affected. And then, we believe, only if it is not a 'strong' password with random letters etc.

[Tom]

[rquote=2497718&tid=144192&author=Lauren]Tom unless it's the email address you signed up here with, it won't be affected. However; when you signed up for the email address you couldn't give a **** about - you may have entered an "alternate email address" (whereby if you lose your password it's sent there) - if you set it up with an alternate email address - change all of your passwords.

(At least, that's what I think - James or Mark may say otherwise).[/rquote]

its my MSN account, I've already changed that password anyway and my alternate email address is an old one I can't access anyway

[Ross]

hi

tom come on msn

[Brad.]

wow this is pretty crazy. Anyway yeah, I hope the site can return to normal ASAP.

[Gemmer-x]

ahhh it seems all weird!