As some of you may be aware, last week we updated our version of vBulletin in response to a security vulnerability in an earlier version. For details regarding the vulnerability, feel free to read this thread over at vbulletin.org: link. We've personally performed an internal security audit and the results aren't good.
Through the exploit, it was possible for users to inject code that inevitably allowed them to manipulate the database. Having gone through our repository of traffic logs, we've identified some malicious users who were successfully able to gain access to various parts of the database, one of those being the users table. We've forwarded this information on to the relevant law enforcement agencies, and we'll be following that up.
As passwords in the database utilise a double encryption method with a salt, it means that your passwords, while being safe from rainbow tables and other simple decryption methods, are vulnerable to being brute-forced. However, provided your password is over 8 characters, it would be impractical for anybody to try, as it would take far too long. All passwords should be over 8 characters - mine are always at least 15. As a precaution, we're forcing all users to change their passwords.
If you have a weak password on LG and use it on other sites, we strongly suggest you change them there as well.
If you have any questions or further emails, please don't hesitate to contact me or another member of staff.
Thread: Important Security Announcement
- 31 May. 2011 12:44pm #1