Friday, May 27, 2011

LibriVox Hacked

The public domain audibook project LibriVox got hacked (not the first time it seems). There was no open announcement yet [edit: here's the blog post] but as a forum user I received an email:
A hacker broke into the LibriVox forum and got access to our completedatabase including emails and encrypted passwords. We have locked them outof the system, and we’ve fixed the vandalism, but they still have ourdatabase.
In the interests of full disclosure, here is some extra information:(1) The database contained every piece of communications sent through theforum, including all private messages. This information is now in thepossession of the hacker.
(2) All forum passwords in the database are encrypted. However, if yourpassword was very simple, it will be trivial for the hacker to break theencryption using "brute-force" techniques. They will likely attempt exactlythis, so if you use the same password on any other Internet service, youshould immediately change your password at those services.
We are very sorry that this happened, and once this is sorted out as bestas it can be, we’ll be doing a more thorough security review.
Well, I'm glad they are open about this. A great time to update the passwords I use to more secure ones. :)

I would like to appeal to the community to look out for each other and report strange activities like spam posts or random content deletion to site admins, pointing out this recent hacking. Everybody who had a LibriVox account and used their password elsewhere should change it ASAP, especially if moderative or administrative accounts are involved!

... Let me just add a little bit of positive open content news though: I was looking for car blinker sounds, contacted three Freesound contributors and got permission from all of them to re-distribute under CC0, which I did on OpenGameArt. j1987 even added a "all my sounds are public domain" note. :)