Today we detected that someone had managed to hack our theindiestone.com forums. We know, 100%, that they have the plain text username and password of the 444 people who have logged in since the 3rd August – the hacker exfiltrated them just before they were encoded (hashed).
It’s also of course conceivable, although there’s no evidence of this, that they have the hashed and salted (ie. encoded) passwords of other forum users too.
As a precaution, we’ve broken the passwords of anyone who used the forums since the 3rd of August. Please use the following link to reset your password:
For everyone else, we strongly recommend you change the password you use on the forums for good measure. If you use it anywhere else, you should change it there as well.
Our apologies for the inconvenience.