Over 1 million user credentials compromised in Android Forums hack
Phandroid, a popular Android news site, has confirmed that its Android Forums web site was compromised and that private user data has been accessed. According to Phandroid's notice about the security breach, the user table of Android Forum's database was accessed by unknown intruders using a known exploit, which has since been fixed.
The database in question contains a variety of information on forum users, including usernames, email addresses, hashed and salted passwords, registration IP addresses; also other forum-related data, such as last time online and post date as well as post count. Based on current information, the site's community manager says that they cannot confirm if the data was in fact downloaded, adding that they believe the attack was "most likely an e-mail harvesting attempt". Additional steps to further harden server security and "extra 'just in case' actions" have also reportedly been taken.
All of the forum site's more than 1 million users are potentially affected by the security breach. The site's administrators advise all users to change their passwords as soon as possible through the User Control Panel (UserCP) or by using the "Forgot your password?" function.
(crve)