The hack was apparently prefaced by a defacement of Ars Technica’s front page, before the hacker returned a day or so later and managed to access a user database.
As a result, registered users of Ars Technica may now have had their email addresses exposed as well as hashed and salted passwords.
Tonight, users who had registered on the site began to receive email notifications advising them that it would be sensible, in an “excess of caution”, to ensure that they are not using the same password on any other websites.
You are receiving this email because you may have – at some point – registered as a user on ArsTechnica.com. Our site was recently hacked.
Log files suggest that this intruder had the opportunity to copy the user database. This database contains no payment information on Ars subscribers, but it does contain user e-mail addresses and cryptographically-protected passwords.
Out of an excess of caution, we strongly encourage all Ars readers — especially any who have reused their Ars passwords on other, more sensitive sites — to change their passwords today.
Good for Ars Technica for coming clean, and advising registered users to change their passwords as a precaution… but it’s a shame they are hiding the news so far down their webpage…
It’s also a shame that they didn’t warn their users that their stolen email addresses could now be used in targeted phishing attacks, perhaps with cybercriminals disguising their messages as coming from Ars Technica.
Be careful out there, or you might find yourself the next to fall arse over tit.