phpbb.com hacked

20,000 passwords exposed

         

wheel

12:14 pm on Feb 10, 2009 (gmt 0)

wheel

12:19 pm on Feb 10, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I don't recall if I ever registered over there - if so it's been many years. But this incident has prompted me to make two changes I've been pondering.

Signing into any forum or blog, it'll be a throwaway password. And I'm likely to not register to post anywhere that I don't have to anymore. I've always had a nagging feeling about other people having access to passwords.

thecoalman

2:35 am on Feb 11, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Note that phpbb.com was hacked and not phpbb3. The attacker gained access through a third-party software called phplist. There was an exploit released on January 14th that was not patched until just before the attacker's actions became evident a full two weeks later. There's a pretty accurate article here:

[theregister.co.uk...]

If you have logged into phpbb.com since it was switched to phpbb3 more than a year ago, your password should be safe, as those passwords are stored much differently than those in phpbb2; however, the old passwords are not converted until you log in. So if you have an account at phpbb.com and have not logged in within that time frame, your password is very easily decrypted.

In any event, whatever the case, even if you have logged into phpbb.com since it upgraded to phpbb3, and if you use the same password on phpbb.com that you use anywhere else, I'd strongly suggest changing it.
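The convert-on-login behaviour described in the post above, sketched as an added example that is not part of the thread and is not phpBB's code. It assumes unsalted MD5 as the legacy format and uses PBKDF2-HMAC-SHA256 as a stand-in for the newer scheme; all function names, the `md5$`/`pbkdf2$` prefixes and the account data are constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for the stand-in scheme


def legacy_hash(password):
    # Assumed legacy format: unsalted MD5, so equal passwords give equal digests.
    return "md5$" + hashlib.md5(password.encode()).hexdigest()


def modern_hash(password, salt=None):
    # Stand-in for the newer storage: per-user random salt plus key stretching.
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${salt.hex()}${dk.hex()}"


def verify(stored, password):
    scheme, _, rest = stored.partition("$")
    if scheme == "md5":
        return hmac.compare_digest(stored, legacy_hash(password))
    if scheme == "pbkdf2":
        salt = bytes.fromhex(rest.partition("$")[0])
        return hmac.compare_digest(stored, modern_hash(password, salt))
    return False


def login(db, user, password):
    stored = db.get(user)
    if stored is None or not verify(stored, password):
        return False
    # The plaintext is only available at login, so this is the only point
    # where a legacy record can be re-hashed into the newer format.
    if stored.startswith("md5$"):
        db[user] = modern_hash(password)
    return True


def dormant_accounts(db):
    # Accounts that never logged in after the migration keep the legacy hash.
    return sorted(u for u, h in db.items() if h.startswith("md5$"))


def build_demo_db():
    # Constructed sample data: two accounts carried over from the old board.
    return {"active_user": legacy_hash("correct horse"),
            "dormant_user": legacy_hash("hunter2")}
```

A database copy taken while `dormant_accounts()` is non-empty still holds those legacy digests, so the usual remedy is to invalidate them and force a password reset rather than wait for the next login.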

JohnRoy

3:11 am on Feb 11, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> Signing into any forum or blog, it'll be a throwaway password.

Alternative:

  • if your password is ABCD123
    for phpbb.com use pABCDh123
    for webmasterworld.com use WABCDE123
    for twitter = tabcdw123