Android Forum hacked! Change Your Password Now

If you are a users of Android Forums (androidforums.com) then here is a bad news for you all, because it is the latest site suffered from data breach.

Popular Android forum have announced the data breach notification and confirmed they’ve been able to identify the alleged compromised accounts, in response to the incident they have reset the passwords for those accounts.

Moderator said overall about 2.5 percent of users have been affected by this security breach.  However, most the accounts were older and half of them had never posted to Android Forums.

On the breach notification they wrote-
“Unfortunately, we were recently informed by our server engineers that the server hosting Android Forums was compromised and the website’s database was accessed.”  “While this breach was relatively small, affecting less than 2.5% of our active users and limited data accessed, we want to provide as much helpful information as possible so you can take some steps to protect yourself.” - they added.
On this breach hackers had accessed email address and salt hash password.

Moderator have also mentioned that they have identified the flaw that hacker had exploited and quickly implemented the fix. Moreover they had also implemented more security and further measure to harden the site.

Below the data shared by the administrators in the advisory:
  • The exploit used has been identified and resolved. The server is being further hardened and extra “just in case” actions are being taken.
  • No other sites in our network appear to have been accessed.
  • We were able to replay the attack and log the output – identifying all accounts compromised. We have targeted an email, and this notice, to those accounts.
  • Only 1 staff member was affected. Only about 40 people who have registered in 2016 and 2017. The rest are older accounts.
  • Over 50% of accounts compromised never posted on the site, leading us to believe many of those were bots.
  • Information taken: Email address, hashed password, and salt. Usernames were NOT taken.
For better Security, administrators include site-wide HTTPS support and a new 2-step authentication requirement for internal staff.

This is not the first time that Android forum have suffered from data breach, earlier also on 2012 it suffered from huge breach, where 1 millions users have been affected.
Read Also
Post a Comment