The Bitcoin-only poker Web site Seals with Clubs recently announced that all user passwords were reset after the data center the site had been using permitted unauthorized access to a database server (h/t Ars Technica).
As a result, the company says, its database containing user credentials was likely compromised. While the passwords were salted and hashed, all users are required to change their passwords, and are being advised to change their passwords on any other sites where they used the same credentials.
Ars Technica reports that the salting and hashing shouldn't provide much comfort: shortly before Seals with Clubs posted the announcement, 42,020 hashes were posted to a forum with an offer of $20 for every 1,000 hashes cracked. After one day, two-thirds of the hashes had already been cracked.
"As a response to this occurrence, a top priority is to further put users' security into their own hands beyond offering two-factor authentication," Seals with Clubs said in a statement. "This includes the ability to permanently lock withdrawal address, locking out the transfer feature, and locking out account access except for a set of IPs (at least one of which must be the currently used IP). Expect to see these features in the near future."