Android Forums Suffers Data Breach
24.3.2017 securityweek Android
Android Forums, one of the most popular online Android communities, informed members this week that the server hosting its website has been breached, allowing attackers to access some user information.
According to representatives of Neverstill Media, which maintains Android Forums, hackers only managed to access information on 2.5 percent of active users. The compromised data includes email addresses, hashed passwords and salts.
Neverstill said usernames and financial data were not accessed. The company also noted that the breach only affected one staff member and only 40 users who registered accounts in 2016 and 2017. More than half of the compromised accounts had never posted anything on Android Forums, leading developers to believe they may have been bots.Android Forums hacked
Affected users have been notified via email and instructed to change their passwords. The passwords of impacted accounts that had not been active were automatically randomized.
The accessed information can be leveraged for spam and phishing campaigns, and users have been advised to be cautious.
“This could be someone who is upset with us who hopes to use the information against staff. They could blackmail us and threaten to publish the information publicly,” Android Forums told users.
The vulnerability exploited by the attackers has been patched and various security improvements are being made to prevent incidents in the future.
This is not the first time Android Forums has suffered a data breach. A similar incident took place in 2012, when more than one million users, including staff, had their details exposed. At the time, attackers accessed usernames, email addresses, hashed and salted passwords, IPs, and other data.
It’s unclear why usernames have not been stolen in the latest breach, but Android Forums has some theories.
“Perhaps just in case a null entry was to be found/flagged. Perhaps they were bound by the limitations of the vector they used. Perhaps they were practicing on us,” users were told. “Or, they could be comparing hashes against the previous set to see what has or has not changed.”