On Thursday, Two Plus Two user e-mail addresses passwords were reportedly compromised. As a result, the popular poker forum went dark at 2:20pm Eastern Time and Two Plus Two officials sent an alert to members. The message began, “On April 26th at approximately 11:20am Pacific Time, the Two Plus Two Forums were closed as a result of a hacker who has displayed the ability to access e-mail addresses and encrypted passwords. He also indicated the ability to decrypt passwords.”

Whether the hacker was actually able to exploit any of the data remains to be seen. To that end, the same Two Plus Two e-mail indicated, “While it is unclear the extent of data to which he gained access, e-mail addresses and passwords on the Two Plus Two forums should be considered compromised. If you have used your Two Plus Two password on any other site, you are advised to change it.”

Two Plus Two developers promptly shuttered the forum until the hole the hacker used to infiltrate it is closed. When Two Plus Two comes back online, users will need to change their passwords.

At 10:30pm Eastern Time on Thursday, an attempt to access the News, Views, and Gossip forum on Two Plus Two led to a web page that simply read, “The page you are looking for cannot be found.” On Friday morning, the same action led to an error message of, “Problem loading page.”

On PocketFives, a thread in the Poker Community forumserved as a place for members to discuss the Two Plus Two outage. PocketFives Elite member wackyJaxon observed, “Hopefully they shut it down before the hacking got too serious.”

Another member of PocketFives shared what could be considered inside information: “I do know that several dormant accounts there had been hacked over the past couple of weeks. These hacked accounts were used to scam people out of money/poker funds in the P2P transfer and gift card threads.”

The version of vBulletin that Two Plus Two was using could be to blame, although the forum has not confirmed this. To that extent, one user on PocketFives speculated, “That site runs the same software as [PocketFives], but they probably didn’t make a timely update to the core when a vulnerability came up.”

On his own blog, Two Plus Two Mod Noah Stephens-Davidowitz urged users not to change their passwords on Two Plus Two until prompted to do so: “As far as I know, the vulnerability still exists, so changing your 2p2 password will just give you another potentially compromised password to worry about.” He also Tweeted the same information.

Stephens-Davidowitz pointed out that hackers likely now know a person’s Two Plus Two user name, e-mail address, and Two Plus Two password. He concluded, “That’s really bad” and advised players to change the password associated with the e-mail account they signed up for Two Plus Two with.

On Thursday night, PocketFives’ development team suggested that if your Two Plus Two and PocketFives passwords are the same, you should change your password on our forum as soon as possible. You’ll find a link to “Edit E-Mail and Password” under “My Profile” in your PocketFives account’s “Settings” menu. Please e-mail support@pocketfives.com if you need assistance doing so.