Nearly two months after, is once again taken over by hackers. The forum has been attacked and captured by another hacking activity. Well, not only the website, has warned users that their passwords can be captured with a ‘man-in-the-middle attack’. Hence, if you are using the same email address and password for any other website, then your accounts are in danger.’s warning for its users has declared in its blog that another hacking activity took place and passwords being used for accessing the website on December 1 and December 2 can be captured. The warning message reads that –

“If you used your password to login between 06:00 Dec 1 UTC and 20:00 Dec 2 UTC, then your password may have been captured in a man-in-the-middle attack, and you should change your password here and wherever else you used it. If you were only logged in via the “remember me” feature, then you’re OK.”

The discussion forum has notified some users that their passwords have been compromised when the Domain Name System (DNS) registrar was violated by hacking activity. The hacker spotted the flaw with the AnonymousSpeech registrar, the DNS registrar of the website.

The hacker used the alias Theymos’ to write the administrator of to change the DNS point to Though immediate action was taken to move the site to a different registrar, but the transformation will take about 24 hours of time. In the meanwhile, attackers can change the forum traffic, access and capture the passwords used during login and authentication cookies.

Whose passwords can be intercepted by attackers?

However, there is a silver lining. Passwords which were not typed in their passwords on the day when forum is hacked will not be intercepted. Hence, users are not at the risk of getting their passwords compromised if they have used automatic entry of passwords through ‘remember me’ option. cautioned users not to use the forum in the next 20 hours unless they can ensure that they are using the right server. In order to ensure that, users need to add ‘’ to their hosts file or they can use any plugin to check if they are communicating to the following server with the TLS certificate SHA1 fingerprint of –


In addition to this, the attacker Theymos also notified that has been threatened by distributed denial-of-service attack or DDoS and two attacks are related.