We write to report emerging news of certain elements of Mibbit (an AJAX IRC client service) being hacked. The proof of the hack is further backed up by Mibbit’s official statement.
Because of the nature of Mibbit’s front end, your web browser cannot connect directly to IRC. Rather, it has to connect via a Mibbit back end service in order to make a connection. This is comparable in some ways to connecting via a dodgy Russian proxy. The intermediate party (Mibbit in this case and a dodgy Russian in the case of the proxy) can view all transmissions made to IRC and do as they please with that data.
For you, as GeekShed users, this should flag up some major concerns. The first of these is that Mibbit appears to log all private messages. Mibbit has refuted these claims and stated that private messages are only logged when permission has been given by the user. GeekShed questions the legitimacy of this as both parties should surely be complicit in the logging of their conversations on a 3rd party server. We can only assume that this includes messages you sent to GeekShed’s services (NickServ, ChanServ, etc.) when registering and identifying to your nicknames and channels.
We are, as an immediate precaution, recommending that anyone who has registered their nickname or ever identified to it, using Mibbit, changes their password as soon as possible. If you are using the same password for other services such as Facebook, Twitter, E-Mail, etc., we strongly suggest that you also change these passwords to avoid these accounts being compromised.
We also strongly suggest that our users cease to use Mibbit at their earliest convenience. GeekShed offers a Flash alternative and also fully supports use of the lightIRC client.
To change the password of your nickname, use the following command, when you are identified to that nickname:
/NS SET PASSWORD yournewpasshere
To change the password of your channel, use the following command, when you are identified to the channel founder’s nickname:
/CS SET PASSWORD yournewpasshere
If you have any questions, don’t hesitate to find us in #help.
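As an added illustration (not GeekShed's or Mibbit's code): the identify, register and SET PASSWORD commands described above cross a relay as ordinary text lines, so any gateway that keeps logs should mask them before writing. The Python below does that for raw client lines; the service names, aliases, verb list and sample lines are assumptions and vary by network.

```python
# Added example: mask services credentials before a relay writes a line to its log.
# Service names, aliases and verbs are an assumed set; adjust per network.
SERVICES = {"nickserv", "chanserv"}
ALIASES = {"NS", "CS", "NICKSERV", "CHANSERV"}
SECRET_VERBS = {"IDENTIFY", "ID", "REGISTER", "GHOST", "RECOVER", "RELEASE"}
MASK = "[REDACTED]"

def parse(line):
    """Split one raw IRC line into (COMMAND, params), dropping any :prefix."""
    line = line.rstrip("\r\n")
    if line.startswith(":"):
        line = line.partition(" ")[2]
    head, sep, trailing = line.partition(" :")
    parts = head.split() + ([trailing] if sep else [])
    return (parts[0].upper(), parts[1:]) if parts else ("", [])

def kept_words(text):
    """Return the words that are safe to log, or None if nothing is secret."""
    words = text.split()
    upper = [w.upper() for w in words]
    if upper and upper[0] in SECRET_VERBS:
        return words[:1]
    # Covers "SET PASSWORD x" and the "SET #channel PASSWORD x" form.
    if upper[:1] == ["SET"] and "PASSWORD" in upper[1:3]:
        return words[:upper.index("PASSWORD") + 1]
    return None

def redact(line):
    """Return the line as it may be logged, with any credential masked."""
    command, params = parse(line)
    target = params[0].split("@")[0].lower() if params else ""
    if command == "PASS":
        return f"PASS {MASK}"
    if command == "PRIVMSG" and len(params) == 2 and target in SERVICES:
        lead, text = f"PRIVMSG {params[0]} :", params[1]
    elif command in ALIASES:
        lead, text = f"{command} ", " ".join(params)
    else:
        return line.rstrip("\r\n")
    kept = kept_words(text)
    return line.rstrip("\r\n") if kept is None else lead + " ".join(kept + [MASK])

# Constructed sample lines, as a gateway would receive them from a browser.
SAMPLE = ["PRIVMSG NickServ :IDENTIFY hunter2", "NS SET PASSWORD yournewpasshere",
          "CS SET #geeks PASSWORD s3cret", "PRIVMSG #help :how do I identify?"]

if __name__ == "__main__":
    print("\n".join(map(redact, SAMPLE)))
```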