Mibbit and the UVB-76

Before going any further - If you happened to use the same Name/Password combination any place else than registering your nick in Mibbit UVB-76 chatroom, please change them now!

If you can not access Mibbit with your nickname, see instructions at
http://mibbitblog.blogspot.com/2011/08/how-to-recover-nickname-and-channel.html

As you may have noticed, the UVB-76 is now linking to a different IRC host for chatbox than earlier.

The chatroom has become a wonderful resource thanx to its users and as far as Shortwave Radio and Number Stations information goes, it probably has the set of best people available in the whole world. Well, the ones who talk, anyway.

For the reasons outlined below, the community has decided to migrate from Mibbit chat channel #uvb-76 to a Freenode channel #priyom. This is pity, as Mibbit web client is way better quality then  Freenode client, but at least temporarily, Mibbit has lost its credibility among users. Therefore the chatbox is now pointing to new chatroom.

The #uvb-76 channel is kept, however, up and running, as it has much better look and feel and it does also asupport embedded justin.tv window. This is mostly important as I will be launching a new service, benefiting from having the justin.tv screen and chat running next to each-other. More about this later this week.

Now the details of, what has happened.

What happened two weeks ago is that Mibbit, the company/server hosting the chat, got hacked. The details can be found here: http://mibbitblog.blogspot.com/2011/08/update-at-risk-nickserv-nicknames.html

The short version is that Mibbit kept some old copy of users password database in one of the development machines and as is the case too often with development environment, this was not secured enough. Albeit, the passwords file got stolen.

It would not have been a problem, if it would not been a standard showcase of many DO NOT' s. First, the database was (or seem to have been) a plain-text. This is something what you never do these days, as you will severely compromize your users security. People often use same passwords all over the places and if something like this gets loose, it may cost someone his entire entity in cyberspace. (Beware - if any service is able to send you your password after registration, they are keeping the passwords the way they shouldnt. Passwords shall ONLY be stored in hashed form, what prevents them to be reverse-engineered from password file.

The second mistake Mibbit did was not to warn its chatroom owners that something like this has happened. The absent communication effectively prevented for any timely damage control to happen.