In case you haven’t heard already, Ars Technica got hacked over the weekend, so if you are a subscribed reader now would be a good time to change your password.
“At 20:00 CT on December 14, an Internet intruder gained access to one of the Ars Web servers and spent the next hour attempting to get from the Web server to a more central machine,” the staff explained in a short note on Tuesday. “At 20:52, the attempt was successful thanks to information gleaned from a poorly located backup file. The next day, at 14:13, the hacker returned to the central server and replaced the main Ars webpage with a defacement page that streamed a song from the band Dual Core.”
Fortunately, the publication’s technical team took only 15 minutes to take control of the server again and to return the webpage back to normal, but they had to spent the entire afternoon to make sure that the hacker is locked out for good and everyone at the publication is safe: they changed internal passwords and certificates, and hardened server security.
Unfortunately, a later perusal of the log files showed that the attacker might have copied the user database.
“This database contains no payment information on Ars subscribers, but it does contain user e-mail addresses and passwords. Those passwords, however, are stored in hashed form (using 2,048 iterations of the MD5 algorithm and salted with a random series of characters),” they said, but nevertheless urged registered readers to change their password on the Ars account, and on any other account they have used it for.