In an email sent to all members Wednesday, CardRunners stated they, “identified and stopped an illegal intrusion of the CardRunners servers.”
They confirmed that email addresses, “encrypted passwords” and user IP addresses have been compromised, but assure customers that, “no customer credit card or financial information was compromised.”
As a precautionary measure, CardRunners has reset all user passwords. Members are required to log in with a new password sent to their email address.
It is unclear yet exactly how users’ passwords were secured, and whether there is a risk that the “encrypted” passwords could be decrypted to reveal original plain-text passwords.
It is strongly recommended that all CardRunners members change their passwords on any other poker sites or websites that shared the same login credentials.
Some users on the 2+2 poker forums have reported that they have already started to receive spam to their compromised email account.
A dedicated thread on the CardRunners-sponsered forum has been set up to answer any users’ questions.