Android Forums hacked: 1 million user credentials stolen
Summary: Phandroid's AndroidForums.com has been hacked. The database that powers the site was compromised and more than 1 million user account details were stolen. If you use the forum, make sure to change your password asap.

Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.
If you are one of them, you should change your password: go to your UserCP or use the Forgot your password? function. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well.
In a post titled Important Notice - Security Breach, Android Forums administrator "Phases" posted the following facts about the breach:
- The exploit used has been identified and resolved. The server has been further hardened and extra "just in case" actions have been taken.. and will continue to be taken.
- All code that resides in the database and the file system has been thoroughly reviewed for malicious edits and uploads.
- No other sites in our network appear to have been accessed (we're triple checking).
- The user table of AndroidForum's database was (at a minimum) accessed. While we can't prove or disprove whether or not the data was downloaded (due to the way the data was transferred), it's completely possible.. and we've taken action assuming this is the case.
- Information in the user database includes: Unique ids, usernames, emails, hashed (encoded) passwords, registration IP addresses, usergroup memberships, infraction levels, last time online, last post date, post count... as well as far less critical things like number of PMs, visitor messages, last online dates, and some vbulletin options set in your UserCP.
- Immediately following the incident, all ~100 staff were notified of a pending password change - and all passwords were changed to random strings. Almost all are back in with new passwords. Because gaining access to a staff member account could pose the biggest threat, we first moved to secure these accounts.
Phases also noted that he believes this was an e-mail harvesting attempt. In other words, whoever hacked Android Forums was looking for e-mail addresses to spam at a later time. That being said, the attack could have also been done just for kicks. Either way, Phandroid is still investigating the breach.
Talkback
What OS was the server running?
Ouch.
Without Further Information, That's Meaningless
Oh, is that information important?
Also, we've constantly been told that all we have to do to secure ourselves is to switch to Linux. There is no talk of having to do any extra work to secure your software that happens to be running on Linux. No. People here stake their reputations on statements that if we switched to Linux, we would become safe. Now it turns out that reality is more nuanced.
Huh. Whodathunkit?
no you get it wrong
Ever heard of mod_security? iptables? chkrootkit? tcpwrappers?
When a Windows server is exploited, more information is ALWAYS needed, especially because of poorly coded mainstream software like Adobe Flash, Adobe Reader, and Internet Explorer.
Welcome to ZDNet, you must be new here
Nope. Not historically. Not on ZDNet.
Now, if you are suggesting that those who have done this in the past are ignorant little trolls, yes, I would agree.
Where did jd suggest, ignorant little trolls.
(Todds Bott, ZDNET changed to all English format site, ie those that speak English)
Is this trolling?
Suppose you have a wooden door which uses a deadbolt lock to keep the door shut and secure. Now suppose someone finds a fault in the tumbler design of the deadbolt.
Will switching to a steel door, but using the same deadbolt improve security? No; that is, unless you're counting security against crazed, axe-wielding dudes who quote Johnny Carson.
The obvious course of action is to change the lock or, at the very least, the tumbler for one that's known to be secure. At least secure for now.
Credits (in order of appearance):
Microsoft Windows as "wooden door"
Web site/app as "deadbolt"
Linux as "steel door"
As you see
You're Confused
Servers are a different story. For one, we don't know how this hack occurred. Was it an unpatched vulnerability? Were the admins lazy? Was it improper configuration of Apache? Were they using SELinux policies? Etc..
A server is a sitting target with processes running open to the Internet at large. It doesn't much matter what OS it is, if the service has a vulnerability it can always be exploited and lead to a user level access breach (and sometimes privilege escalation). Most of the time servers are cracked because admins are lazy.
In any case, this was a breach of a web forum, so it's not much of a threat. When I sign up for any web forum I use a disposable e-mail address and a unique password. If my data gets stolen, who cares.
I think what he's talking about is more of a user issue
If a Linux Server is breached, we're inundated with "It's because the Admin sucks!", as it's automatically the admin's fault, and nothing else.
It was anonymous...
If you use your real credentials/email for internet forums...
We've been told that in this case, it doesn't matter
Something is different this time. Not sure what though, will have to investigate further.
I'll blame linux
So absent any data or facts...
Wow. Just like NonZealot, I mean Toddbottom, proudly proclaiming himself a troll with that stunning picture, you're proudly claiming to be one as well.
At least you admit it.
Judging by the web page source for the site.
It's real hard
The OS is largely irrelevant
In short, the evidence suggests the site is running on Linux. At the same time, that probably has nothing to do with whatever it was that led to the breach. Despite myths espoused by Linux trolls, the OS (and especially the kernel) usually has very little to do with security breaches.