Online Android forum hacked, user data accessed
Users have been advised to change their passwords since Tuesday
IDG News Service - Android Forums, an online forum for Android users, was the target of a hacker attack that could have led to user information including passwords getting compromised, its operator Phandroid.com said on Thursday.
Members of Android Forums have been asked to change their passwords ever since Tuesday, after it was found that the server hosting the forum was compromised and the website's database was accessed. The forum has over 1 million users.
"The user table of AndroidForum's database was (at a minimum) accessed," an Android Forums Community Manager, called Phases, said in a post on the website on Tuesday. He said it was completely possible that data was downloaded, and the forum has taken action assuming that it was.
Information in the user database included information such as unique IDs, usernames, emails, hashed and 'salted" passwords, and registration IP addresses, according to the post. A hash is a cryptographic representation of a password, and salted hashes involve inserting random characters into the hash.
Following the incident, passwords were changed to random strings, starting with those of about 100 staff. All code in the database and the file system was also reviewed for malicious edits and uploads, and it was checked that other sites on the network were not accessed.
The hack was most likely an email harvesting attempt, the community manager said. "A spammer could theoretically attempt to bulk e-mail all AF users with the user database," he added.
Users have been advised to change their password on Android Forums and other sites where they may use the same username and password. "This can be done while logged in through your UserCP, or using the "forgot your password?" page if logged out," according to the post.
"It seems like online security breaches are, unfortunately, just a sign of our times," Phandroid said referring to the hacks reported during the week at Yahoo and Formspring. It also said it was looking for a penetration tester that can help it with an audit.
A group of hackers published on the Internet on Thursday a list of over 453,000 log-in credentials that were allegedly stolen from a database associated with an unnamed Yahoo service.
Formspring, a social networking site, said Tuesday that it had a security breach which may have led to some user passwords being accessed. 420,000 password hashes from Formspring were posted to a security forum. The company disabled all user passwords, and prompted its about 28 million users to change them the next time they logged in.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts