When they open this email they will discover that the poker and gambling forum they have grown to love has been hacked into by a skilled hacker and this person now has access to every member's email addresses and encrypted passwords. What is more the hacker has also demonstrated an ability to decrypt the passwords so potentially has control of every account on Two Plus Two.
The email reads in full:
Dear Two Plus Two Members,
On April 26th at approximately 11:20 AM pacific time, the Two Plus Two Forums were closed as a result of a hacker who has displayed the ability to access e-mail addresses and encrypted passwords. He also indicated the ability to decrypt passwords.
While it is unclear the extent of data to which he gained access, e-mail addresses and passwords on the Two Plus Two forums should be considered compromised. If you have used your 2+2 password on any other site, you are advised to change it.
For your security, we are closing the forums until the breach is patched. Upon reopening the forums you will be forced to change your password - it is counterproductive to do so now.
We hope to be back up as soon as possible.
Best,
Two Plus Two Interactive
For a short while last night -- UK Time -- this message was also displayed on Two Plus Two site when you attempted to visit it in your browser but attempting to visit the site now is a pointless task as the site has been completely taken down from the web in an attempt to find a fix for the vulnerability.
One of the moderators on Two Plus Two, a very tech savvy individual, has written and published a great article on his personal blog with some steps members can take to ensure that the hacker does not gain access to any other personal accounts away from Two Plus Two.
One such piece of advice should be taken on board by everyone and that is not using the same password for every site you are a member of. I have been guilty of this in the past but now I use a completely randomly generated password for every site I have to log into. Imagine how frustrating it would be to not have control of a forum account but then if they had your password and personal information they could take control of your email, Facebook, bank and poker accounts. DO NOT use the same passwords for anything. Personally I would recommend a free piece of software called LastPass which manages and creates passwords for you. All you need is one master password and LastPass will allow log you into sites automatically and if you need a new password for a site it will generate one for you.
Other advice includes activating the two-step verification on your email account if that is a function available to you and double checking by a non-internet based method if the files or request from people you only really know through Two Plus Two make their way into your email inbox over the next few weeks.
Hopefully most people will not face any loss of funds or privacy through this but it serves as a stark reminder to keep your internet security up to date.
Please be aware that nobody from Betfair Poker or any of the Betfair products will ever ask you for your password under any circumstances. Please bear that in mind for now and future reference.