Android Forums Hacked, 1 Million Accounts Compromised

Posted by · July 12, 2012 12:45 pm

If you’re a frequent user of the Android fan site Phandroid, you might want to update your login information as soon as possible. According to the site, its Android Forums website was hacked this week. As a result of the breach, more than one million accounts were compromised, with everything from usernames and email addresses to hashed passwords and registration IP addresses being stolen.

For those whose accounts were hacked, it is recommended that login credentials be updated immediately. This can be done by going to the UserCP page or using the “Forgot your password?” function located on the Android Forums site.

Regarding the details of the breach, the site posted the following list of facts in a post entitled “Important Notice – Security Breach”:

– The exploit used has been identified and resolved. The server has been further hardened and extra “just in case” actions have been taken.. and will continue to be taken.

– All code that resides in the database and the file system has been thoroughly reviewed for malicious edits and uploads.

– No other sites in our network appear to have been accessed (we’re triple checking).

– The user table of AndroidForum’s database was (at a minimum) accessed. While we can’t prove or disprove whether or not the data was downloaded (due to the way the data was transferred), it’s completely possible.. and we’ve taken action assuming this is the case.

– Information in the user database includes: Unique ids, usernames, emails, hashed (encoded) passwords, registration IP addresses, usergroup memberships, infraction levels, last time online, last post date, post count… as well as far less critical things like number of PMs, visitor messages, last online dates, and some vbulletin options set in your UserCP.

– Immediately following the incident, all ~100 staff were notified of a pending password change – and all passwords were changed to random strings. Almost all are back in with new passwords. Because gaining access to a staff member account could pose the biggest threat, we first moved to secure these accounts.

Android Forums also notes that the most likely fallout from such a breach would be a massive spamming campaign. “Luckily, Gmail and similar e-mail services offer a ‘spam’ button that helps it to collectively identify and automatically filter potential spam,” the site said, reassuring its users. Other possible ramifications of the attack include imposters pretending to be registered users on the site, blackmailing the site using threats to post the information publicly, as well as a few other, less likely possibilities.

Although Phandroid is confident that it has neutralized the problem, the matter is still being investigated. If you are an Android Forums user and have more questions about the breach and what you should do to protect your information, a thread has been opened at the end of the notice.
