Android Forums, a popular platform for Android users, has announced that its servers were accessed by a third party, resulting in a data breach.
In a security notice, the website administrator wrote that 40 members of the forum (2.5 percent) who registered between 2016 and 2017 had their accounts compromised. Around 50% of the impacted accounts never posted on the forum, which leads to the conclusion that they weren’t real users but bots.
The stolen data contains email addresses, hashed passwords, and salts, but none of the usernames were taken. The good news is that all passwords have been reset.
Investigations are still in progress, so it’s too early to assume what happened or how the attackers were able to access the database. Nevertheless, the administrators believe that it could be because of a phishing attack.
It must be noted that one of the forum’s staff members was also impacted by the breach, which is not surprising since hackers are successfully cracking passwords from previous data breaches and using them for further attacks.
The forum is implementing new security measures, including site-wide HTTPS support, a 2-step authentication requirement for its staff, and password randomization for inactive accounts.
This is not the first time Android Forums has had security issues. In 2012, the forum suffered a massive data breach in which the credentials of 1 million users were stolen.
At the time of publishing this article, Android Forums was down for scheduled maintenance, but you can still read the security notice through Google Cache.