Android Forums hacked: 1 million user credentials stolen

Phandroid's AndroidForums.com has been hacked. The database that powers the site was compromised and more than 1 million user account details were stolen. If you use the forum, change your password as soon as possible.
Written by Emil Protalinski, Contributor

Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.

If you are one of them, you should change your password: go to your UserCP or use the Forgot your password? function. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well.

In a post titled Important Notice - Security Breach, Android Forums administrator "Phases" posted the following facts about the breach:

  • The exploit used has been identified and resolved. The server has been further hardened and extra "just in case" actions have been taken.. and will continue to be taken.
  • All code that resides in the database and the file system has been thoroughly reviewed for malicious edits and uploads.
  • No other sites in our network appear to have been accessed (we're triple checking).
  • The user table of AndroidForum's database was (at a minimum) accessed. While we can't prove or disprove whether or not the data was downloaded (due to the way the data was transferred), it's completely possible.. and we've taken action assuming this is the case.
  • Information in the user database includes: Unique ids, usernames, emails, hashed (encoded) passwords, registration IP addresses, usergroup memberships, infraction levels, last time online, last post date, post count... as well as far less critical things like number of PMs, visitor messages, last online dates, and some vbulletin options set in your UserCP.
  • Immediately following the incident, all ~100 staff were notified of a pending password change - and all passwords were changed to random strings. Almost all are back in with new passwords. Because gaining access to a staff member account could pose the biggest threat, we first moved to secure these accounts.

Phases also noted that he believes this was an e-mail harvesting attempt. In other words, whoever hacked Android Forums was looking for e-mail addresses to spam at a later time. That being said, the attack could have also been done just for kicks. Either way, Phandroid is still investigating the breach.
