“As you may have noticed, earlier today the password for every Q account was changed. This was due to a suspected leak of some encrypted passwords from the QuakeNet website, shortly beforehand, causing the passwords to be changed as a precautionary measure whilst we investigated”, magpie reports at the QuakeNet website.
The site also recommends that if you use this same password for other services, on IRC or not, to change those passwords as well.
“We would like to assure users that we are working hard to ensure this cannot happen again, and we apologise for any inconvenience caused”, magpie finishes.
Update 23 Nov: We have been able to contact Magpie now concerning this issue. There was quite some rumour that the leak was caused by the currently know phpBB exploit.
“… yes, the initial point of entry was through the forum. I’m not completely blaming phpBB here, we obviously have to take most of the blame; although it was mainly due to an unfortunate set of circumstances whereby the copy of the password hashes was in the process of being moved (intending to be left on the same box as the forums for a short period of time, alas this period of time was too long)”, Magpie replies to IRC-Junkie in a reaction.
The database in question was however not Q’s main database Magpie assured IRC-Junkie. “This is always kept physically separate, and always will be.”
“… we’re taking steps to ensure this doesn’t happen again, and that we’re deeply sorry for any inconvenience this has caused”, Magpie finishes.