Popular Android forum have announced the data breach notification and confirmed they’ve been able to identify the alleged compromised accounts, in response to the incident they have reset the passwords for those accounts.
Moderator said overall about 2.5 percent of users have been affected by this security breach. However, most the accounts were older and half of them had never posted to Android Forums.
On the breach notification they wrote-
“Unfortunately, we were recently informed by our server engineers that the server hosting Android Forums was compromised and the website’s database was accessed.” “While this breach was relatively small, affecting less than 2.5% of our active users and limited data accessed, we want to provide as much helpful information as possible so you can take some steps to protect yourself.” - they added.
Below the data shared by the administrators in the advisory:
- The exploit used has been identified and resolved. The server is being further hardened and extra “just in case” actions are being taken.
- No other sites in our network appear to have been accessed.
- We were able to replay the attack and log the output – identifying all accounts compromised. We have targeted an email, and this notice, to those accounts.
- Only 1 staff member was affected. Only about 40 people who have registered in 2016 and 2017. The rest are older accounts.
- Over 50% of accounts compromised never posted on the site, leading us to believe many of those were bots.
- Information taken: Email address, hashed password, and salt. Usernames were NOT taken.