TwoPlusTwo Hacked

The hugely popular 2+2 poker forum was hacked this week, with the database of names, email addresses, IP addresses and many more details of users put up for sale – with some passwords available in decrypted form according to Mat Sklansky.

The serious breach was discovered by a friend of Max Silver, the English poker pro writing:

"Heard about the leak from a friend I trust. Another twoplustwo user inquired about his password in the database and it was found. I have not seen the database myself so cannot be 100% about the leak, despite this did feel that holding on to this information was irresponsible. As far as I know the admins have been contacted today."

Silver then tweeted some useful advice for users of the forum, which includes some of the world’s leading players such as Doug Polk, former Main Event winner Greg Raymer, Daniel ‘Jungleman’ Cates, Brian Hastings and many others.

PSA: twoplustwoforum seems to have had a user database/password breach, PLEASE RETWEET and follow information below pic.twitter.com/087cThuKMG

— Max Silver (@max_silver) January 8, 2017

Forum administrator Mat Sklansky wrote of the worrying hack -

"This is being investigated. More info will come soon. In the short term, anyone reading this thread, change your password here and anywhere else you may use it. Database includes accounts created before the 7th of December 2016. The database is for sale to anyone who wishes to buy it. It includes usernames, email address, IP address, birthday, last login date, registered date, password hash. Passwords were encrypted/hashed but anything relatively easy to guess has been decrypted."

The forum is part of Two Plus Two Publishing, a private company established and owned by statistician and poker player Mason Malmuth and is not only a discussion site but also offers a ‘marketplace’ for players to buy and sell action among other things.

The message from the forum bosses to users is fairly simple and very necessary however:

"If you have changed your password within the last 45 days your password should not be at risk, but just in case, if you haven't changed it, you'll be forced to the next time you login. As always, we recommend that you do not use the same password on multiple sites, but if you have done so we suggest you change the passwords on those sites as well. We also suggest that you do not rely on a user's Two Plus Two Forums identify when conducting any meaningful transaction."