PlusNet has today sent an e-mail to customers who have used its discussion forums in relation to a bug that has been identified which could have resulted in information being leaked including encrypted copies of passwords. With a bit of time, these could be converted into 'plaintext' passwords and be used to login to the portal as the relevant user.
"It recently came to our attention that a potential security problem existed on our website discussion forums. It could have been possible to exploit the forum software, and retrieve an encrypted copy of the password details we hold for your account.
As a user of our forums, we are now emailing you to advise you of this, and of the next steps you should take. Although we have no evidence that a malicious attack has occurred, we can confirm that one of our customers proved this vulnerability, and subsequently contacted us. We would like to publicly thank that individual, and we have had assurances that any data obtained has now been destroyed.
We are now asking all customers in receipt of this email to change their account password as soon as possible, purely as a precaution. This can be done on-line, by going to our member centre website at http://portal.plus.net
This only affects customers who have not used a 'strong' password that is not easy to guess. It's always good practice to make sure you change your password on a regular basis. Take a look at the advice on http://www.plus.net/support/security/index.shtml for more information about how you can improve your online security.
If you would like more information on this incident please visit our support page at http://www.plus.net/support/customer_service/community/forum_security.shtml "PlusNet E-mail to affected users
If you are a PlusNet user but have not received such an e-mail by tomorrow, you are unlikely to be affected. If you are still concerned, it never harms to change your password. Users should note that they may need to change settings on their routers as well if it uses the same authentication details.
PlusNet re-iterate the confidentiality of their customer data is important and have recently undertaken a full security audit of their portal and intrusion tests on their internal and back end systems.