Android Forum, an online community with over one million forum users, announced that the server hosting Android Forum was illegally accessed by hackers in October 2011, that the site's database was compromised, and that the information of approximately 745,000 members was stolen. Members of Android Forum are being asked to change their password on the forum and at any other site where they used the same password.
According to the Security Breach Notice posted on Android Forum's website, the tactic the hackers used to gain access to the network has been "identified and resolved", and steps were taken, and will continue to be taken, to protect and "harden" the security of the server. Android Forum's Community Manager, known as Phases, said: "The user table of Android Forum's database was (at a minimum) accessed; their opinion is that the intent of the breach could be to attempt to bulk email all Android Forum users with the user database."
The information the hackers could have downloaded includes: user names, unique IDs, user group memberships, email addresses, hashed and salted passwords, IP addresses, last time online, last post date, number of posts, number of PMs, visitor messages, as well as other vBulletin options you control in your UserCP.
It appears that Android Forum, in an effort to prevent the hackers from using the breach to carry out further malicious activity, took this first step to contain it:
Immediately following the incident, all ~100 staff were notified of a pending password change – and all passwords were changed to random strings. Almost all are back in with new passwords. Because gaining access to a staff member account could pose the biggest threat, we first moved to secure these accounts.
With a username and hashed password one could open a session with accounts on other sites that use the same credentials – if they gain file-level access to that site first. These were salted passwords, which adds to the complexity, but nonetheless we recommend playing it safe.
So even though Android Forum stated it is "confident the threat has been neutralized", it still recommends that Android Forum users change their passwords. We have included links for Android Forum users on how to change your password below under Links For Consumers Affected.
UPDATE: If you are using an Android application to access the forums (Tapatalk, Phandroid App), it will not register the password change and may flood your email with "someone has tried to access your account" emails. Unfortunately the only advice I have for that is to uninstall/reinstall the app, if you cannot change your password from within it.
Additional Resources About This Breach:
https://haveibeenpwned.com/PwnedWebsites#BTSec
http://www.pcworld.com/article/259201/online_android_forum_hacked_user_data_accessed.html
http://www.zdnet.com/article/android-forums-hacked-1-million-user-credentials-stolen/
http://www.cnet.com/news/android-forum-site-hacked-data-swiped-on-1-million-users/
https://nakedsecurity.sophos.com/2012/07/13/nvidia-android-forums-hackers/