Our User Accounts Have Been Hacked
After talking to a security expert regarding the breach that we've been dealing with, it's been determined that the best course of action is to reset everyone's passwords. For more details, you can read this thread in the forums. Once again, sorry for the ongoing hassles.
It is with no small amount of embarrassment that I report that I was informed today (September 8, 2014) that our user accounts have been hacked.
When ComicBookDB.com originally started, we were storing user passwords in plain text in the database. This is now considered to be a very bad idea and we eventually switched to encrypting those passwords in the database but, much to my chagrin, I neglected to eliminate the plain text passwords from the database. As a result, someone managed to gain access to our database table of users and retrieved all user names and passwords.
What Does This Mean For You?
First and foremost, I can assure everyone that we don't store any vital personal information in our database other than your name, e-mail address and birth date (if you provided it). There is no credit card data or anything of that magnitude in our servers so you can rest easy on that point.
Additionally, I have immediately deleted the old plain text passwords from our database so that they are no longer stored there. All passwords are now only fully encrypted.
What Should You Do?
I highly suggest that you change your password as a safety precaution and if you ever use that password on other websites, it would be very prudent to change those passwords there as well.
Where Do We Go From Here?
I want to personally apologize for allowing this to happen and pledge that I will work my hardest to make sure that something like this doesn't happen again. We really value all of our users here at ComicBookDB.com and try to do our best to make sure that you have a pleasant time here on the site.
If you have any questions, you can feel free to contact me either via Twitter or by e-mail.