, ,

Android Forums hacked; password reset notice issued

Not for the first time though.

Android Forums, a popular platform for Android users, has announced that its servers were accessed by a third-party resulting in a data breach.

In a security notice, the website administrator wrote that 40 members of the forum (2.5 percent) who registered between registered in 2016 and 2017 had their accounts compromised. Around 50% of the impacted accounts never posted on the forum which leads to the conclusion that they weren’t real users but bots.

The stolen data contains email addresses, hashed passwords, and salts but none of the usernames were taken. However, good news is that all passwords have been reset.

Furthermore, investigations are still in process. Therefore it’s too early to assume what happened or how attackers were able to access the database. Nevertheless, the administrators believe that it could be because of a phishing attack.

It must be noted that one of the forum’s staff members was also impacted by the breach which is not surprising since hackers are successfully cracking passwords from previous data breaches and using them for further attacks.

The forum is implementing new security measures including site-wide HTTPS support,  2-step authentication requirement for their staff and passwords randomizing of inactive accounts.

This is not the first time when Android Forums was security issues. In 2012, the forum suffered a massive data breach in which user credentials of 1 million users were stolen.

At the time of publishing this article, the Android Forums was down for scheduled maintenance but you can still go through the security notice through Google Cache.

 

Written by Bianca Gerber

Bianca Gerber is a journalist who is working for the country's largest newspaper. She has a keen interest in reporting on activism and hacktivism.
She is also a contributor at EU based Revolution News media. Bianca reports and writes for Cyber-USA on IT security related topics.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code