No, he did not find license information as he thought he did. We do not keep license information in a database someone can reach. He got an old email list of wwwwthreads customers and sent an email to you all. That's all he got.
Here is how he did it and how you can protect yourself.
A: There was a problem in beta 1 of version 5.5 that disabled the upload file filters.
B: Threadsdev.com did not update their board.
C: This person used that lack of filters to upload a php script using the uploads feature to gain access to the config file. He then uploaded a Mysql manager and gained the userlist for the board.
What that got him: A list of usernames and email addresses. He did not get passwords, they are encrypted. He did not get license numbers.
Formerly when you bought a wwwthreads board Rick added your registration to his old support board automatically. Your email address was also added. This is the list he got. The old list of wwwthreads owners and the old email address list.
Please let me reassure you that passwords are encrypted in the database. They cannot be read. Let me also reassure you that at no time were your license numbers or Member Area passwords at risk. Contrary to this fellows claims they are not kept on a server that has beta software living on it and public access.
How do you prevent such a thing?
If you are on UBBThreads 5.5 beta 1 update to 5.5. Make sure that if you have uploads enabled that you are prohibiting .php, , php3, .phtml, exe, .bat, .pl, and .cgi files being uploaded.
We sincerely apologize to anyone that recieved this email.
Honor The Victims
