[B][B]BabyPips.com Was Hacked [/B]
[/B][Posted on behalf of our Co-founder, Odell Ramirez][B]
[/B]If you follow the news, you know that there have been widespread reports of large-scale security attacks on organizations including the U.S. government, Facebook, Microsoft, Apple, Twitter, NBC, the New York Times and the Wall Street Journal. And that’s just in the last month. Add BabyPips.com to that list.
We’re currently finishing up an investigation into a recent security incident where an attacker gained unauthorized access to one of our servers. Last week we experienced a few hours of downtime due to a database issue. During our process of system checks, we became aware of a piece of software code that shouldn’t have been there. After further analysis, it became apparent that this code, though inactive, was malicious in nature and most likely intended to look for social security numbers and credit card numbers (which we DO NOT ask for). Upon finding this code, we immediately took measures to remove it and patch the vulnerability that allowed access to that server. It was later determined that the attacker also gained access to member information, specifically usernames, email addresses, and encrypted/salted versions of passwords on that same server.
As a precautionary measure, all passwords have been reset. You will be prompted to change your password at your next log in to BabyPips.com (you may have already been prompted to do so in the past 24 hours). Your old password will not work. Please take this opportunity to create a strong (unique and complex) password including a combination of numbers, uppercase and lowercase letters, and special symbols.
We’re truly disappointed by this event, but we’re doing everything we can to ensure it doesn’t happen again. We’ve already made some internal changes to help improve our own security efforts, and we will continue to make computer and server security our priority. It will be an ongoing effort, but we’re committed to doing the best we can to keep your personal information safe.
If you have any questions or comments about this, please contact us at firstname.lastname@example.org.