An unauthorized third party gained access to the administration of our CHIP bulletin board. CHIP is taking this matter very seriously and has therefore taken the board offline immediately. Furthermore we have contracted independent forensic experts to investigate the incident. The board will operate in a read only mode until the attack vector has been determined and the source of vulnerability has been patched. Until then, the login to the system will not be possible.
What does this mean for the affected user?
We are uncertain at this point, whether user data was taken. This notification is a precaution for your protection. It cannot be ruled out that email addresses and encrypted passwords (so called password hashes) were taken. The attacker could attempt to use the hashes to decrypt weak passwords. Therefore we urge all users of download.chip.eu to change their passwords immediately. If you are a user of forum.chip.de, you have to change your passwords once the login is activated again.
What is CHIP doing, to prevent such attacks in the future?
Together with external experts we are verifying the exact attack vector and patching the exploited source of vulnerability. We will post a message in the forum once the login will be possible again.
You can find additional information and tips in the FAQ.
We take our users’ security very seriously and will do everything possible to protect it. If you have any further questions please feel free to contact us at firstname.lastname@example.org. If you want to delete your account, please send an email with subject “Delete” to email@example.com containing your username. Thank you for your understanding.
We regret the incident.
Florian Konrad Schmitz, team leader social and community, in the name of the whole community team
CHIP Digital GmbH
CHIP Communications GmbH
Tel +49 (0)89 / 7 46 42-500
Fax +49 (0)89 / 7 46 42-261
Geschäftsführung: Thomas Pyczak (CEO), Dr. Georg Pagenstedt (CMO), Thomas Koelzer (CTO), Markus Scheuermann (CFO)
Verantwortlich i. S. v. § 55 Abs. 2 RStV: Martin Gollwitzer und Carl Schneider,
St.-Martin-Straße 66, 81541 München
Registergericht München HRB 104168
USt.-Ident.Nr. DE 155 289 492