The phpBB Site Security Breach

jimji

10:31 pm on Jan 14, 2015 (gmt 0)



I am interested in some opinions concerning what rights the members at phpBB have/don't have regarding the hack that took place on the phpBB site.

At present we seem to be getting no specific information regarding what law enforcement is doing about what happened. A specific question was posted asking if law enforcement had been notified and that produced no answer and then the discussion in which the question was placed was locked.

But I am interested in your views.

By the way, we have been informed that it is possible the entire database was stolen.

thecoalman

9:26 am on Jan 15, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



They most likely would be asked not to comment if LE was involved and I think it would be inappropriate no matter what.

It should be noted while the passwords are not uncrackable they are fairly robust; of course you shouldn't be using the same passwords on numerous sites to begin with. My greater concern would be any information shared in private messages.

Just an FYI, I'm a former team member as a moderator.

jimji

12:23 pm on Jan 15, 2015 (gmt 0)



I really do appreciate your input, thecoalman, because the correspondence I have had since the thread on the topic was locked is really bumming me out.

Now it has been over one month and they publicly stated they knew who did the hacking because the hackers told them it was a kind of just-to-see-if-we-could-do-it thing. They also were quite public about it being the complete database that was stolen from both Area 51 and the phpBB site.

Now I can't even get an answer to the question of whether they even reported this to law enforcement. That makes no sense at this point in time. It is a simple question -- yes or no.

And there is a group of us that have this feeling that we, as the victims, have certain rights in this matter. That we have waited long enough. I wrote a post on December 28th offering my view to a member that it was too early at that stage to ask for specifics. But now we are two weeks into January and we can't even get a straight yes or no to, "Did you contact law enforcement?"

That is beginning to disturb some of us. Actually, beginning to seriously disturb some of us.

And we are informed that all the sites are fixed, have been checked, and all is fine. So if they are publicly stating that all is fine then that has to mean they have all details of what happened, or they wouldn't be able to assure us everything is fine because they still wouldn't know how much damage was done.

Still, the key point is our rights. That's it in a nutshell for us. Do we have the right to know what happened? If we don't have that right, then it's time to find out a way that it can be written into the laws to give us the right. It's our data which was stolen.

By the way, your point about the PMs is a biggie. Possible email lists getting out and ending up getting spammed is another worry. Putting other information together could be troublesome for some.

Oh yes, and there is also the problem that there are still many people that don't know about this. No email alerts have been sent out. We are informed they didn't have the server resources to do that. That is how I started getting involved by asking what it might take to see that the resources would be there in future.

I was thinking of a donation drive just for that purpose. Then I found out phpBB is not an NPO. That really screwed things up because of misinformation posted on LinkedIn. And the hammers came down on me hard when I tried to get answers. They made my head flat.

An old man with a flat head and now even uglier than when this all started before Christmas.

jimji

1:13 pm on Jan 16, 2015 (gmt 0)



thecoalman, I have to apologize for my not paying close enough attention to that point you made about the PM system. I've sort of got my head up my butt on any issue that doesn't directly relate to what rights we have in this case.

But just a few minutes ago I was discussing this matter on the phone with some people and it hit me that those PMs would be in plain text, yes?

So we have an immediate data breach concern, yes? There isn't any need for special software to crack any encryption with regard to the PM system, yes?

I'm afraid it is only just now beginning to sink in what that means. That's a whole bunch of people that are totally screwed if they had put sensitive information into any PM. Or had put just plain private information.

And phpBB didn't send out any email alert. People may have private information that was in a PM floating around on the Net and they don't know it. That's really not good, to put it very, very mildly.

jimji

5:22 am on Feb 5, 2015 (gmt 0)



The very little attention this topic has received thus far worries me.

You might want to ask why I am worried.

I am worried because I think it is incumbent upon us to police up our own industry or we risk others coming in and doing it for us.

Now we have here an irrefutable case of a leading member in this industry acting in an irresponsible and disrespectful manner.

What are we going to do about this? Nothing?

You don't think it is our duty to voice our concerns?

If you feel that way, then I believe many can state that we have no right to chastise the politician that takes up the cause and demands the laws be written to protect certain members of online communities from such acts of irresponsible and disrespectful behaviour.

I've seen it written by some on sites such as this that lawmakers don't know what they are on about when they draft laws for such cases like this, but if we do nothing about this case we are essentially handing some upstart politician a cause célèbre. We would only have ourselves to blame, if we do nothing.