Date: Sat, 28 Feb 2009 00:00:00 -0000
From: Ethical Hacker Community Forums 
To: ##########@attrition.org
Subject: EH-Net Compromise Disclosure

EH-Net Compromise Disclosure

EH-Net was compromised a few months back, and we are asking all members to 
immediately change their passwords. Although we do not hold any sensitive 
data such as social security numbers, credit card numbers, date of birth, 
etc., we still realize that, although it is not recommended, some members 
may use the same password for social sites such as our as they do for more 
personally sensitive sites. If this is the case, please immediately change 
those passwords, too, and make both follow complexity guidelines.

We apologize for the late notification, but while we were in the process of 
cleaning the mess, we did not want the attackers to be notified. Our 
intention was to prevent multiple notifications and required actions by our 
members. Although we feel very comfortable in the status of the site and had 
planned on notifying all members, someone beat us to the punch. 
http://www.milw0rm.com/papers/297. We are providing this link, so that our 
members can see that a select few accounts and their passwords have been 
released to the public. We do not know how many more they have or will make 
public. This makes it even more urgent to change your passwords.

We apologize for any inconvenience this has caused. Although many other 
sites have experienced the same issues, and we are clearly a target based 
on the content of the site, this in no way excuses us for this incident.

Donald C. Donzal
Editor-in-Chief
The Ethical Hacker Network