Android Forums is the latest victim of a data breach; roughly 2.5 percent of users have been affected.The moderators at the Android Forums confirmed they’ve been able to identify the alleged compromised accounts; in response to the incident they have reset the passwords for those accounts.
The moderators added that many of the affected accounts were older and half of them had never posted to Android Forums.
“Unfortunately, we were recently informed by our server engineers that the server hosting Android Forums was compromised and the website’s database was accessed.” reads the data breach notification published by Android Forums. “While this breach was relatively small, affecting less than 2.5% of our active users and limited data accessed, we want to provide as much helpful information as possible so you can take some steps to protect yourself.”
The hackers who breached the database of the forum accessed email addresses, hashed passwords, and salt. The moderators warn users of possible spear phishing attacks leveraging on stolen data. “This could simply be an e-mail harvesting attempt. A spammer could run the acquired e-mail addresses through a validation tool, then bulk e-mail all valid e-mails in a spam or phishing campaign. Luckily, Gmail and similar e-mail services offer strong spam prevention that automatically filters potential spam and phishing attempts or provides warning,” reads the notification. “At any rate, with e-mails phishing attempts could be made. They could pretend to be us, with e-mails sent out. Be cautious with what is asked of you in an e-mail. We will never ask for your password in an e-mail.”
Of course, it is strongly suggested to every user of the Android Forum to change their passwords as a precaution measure.
The administrators of the forum have identified and resolved the flaw exploited by the attackers; they have also implemented further measures to harden the site.
Below is the data shared by the administrators in the advisory:
• The exploit used has been identified and resolved. The server is being further hardened and extra “just in case” actions are being taken.
• No other sites in our network appear to have been accessed.
• We were able to replay the attack and log the output – identifying all accounts compromised. We have targeted an e-mail, and this notice, to those accounts.
• Only 1 staff member was affected. Only about 40 people who have registered in 2016 and 2017. The rest are older accounts.
• Over 50% of accounts compromised never posted on the site, leading us to believe many of those were bots.
• Information taken: Email address, hashed password, and salt. Usernames were NOT taken.