Pierluigi Paganini March 23, 2017

Android Forums notified a data breach, according to the moderators at the site roughly 2.5 percent of users have been affected.

Android Forums is the last victim of a data breach, roughly 2.5 percent of users have been affected.

The moderators at the Android Forums confirmed they’ve been able to identify the alleged compromised accounts, in response to the incident they have reser the passwords for those accounts.

The moderators added that many of the affected accounts were older and half of them had never posted to Android Forums.

“Unfortunately, we were recently informed by our server engineers that the server hosting Android Forums was compromised and the website’s database was accessed.” reads the data breach notification published by Android Forums. “While this breach was relatively small, affecting less than 2.5% of our active users and limited data accessed, we want to provide as much helpful information as possible so you can take some steps to protect yourself.”

The hackers who breached the database of the forum accessed email addresses, hashed passwords, and salt. The moderators warn users of possible spear phishing attacks leveraging on stolen data.

“This could simply be an e-mail harvesting attempt. A spammer could run the acquired email addresses through a validation tool, then bulk e-mail all valid emails in a spam or phishing campaign. Luckily, Gmail and similar e-mail services offer strong spam prevention that automatically filters potential spam and phishing attempts or provides warning.” reads the notification. “At any rate, with emails phishing attempts could be made. They could pretend to be us, with emails sent out. Be cautious with what is asked of you in an email. We will never ask for your password in email.”

Of course, it is strongly suggested to every user of the Android Forum to change their passwords as a precaution measure.

The administrators of the forum have identified and resolved the flaw exploited by the attackers, they have also implemented further measures to harden the site.

Below the data shared by the administrators in the advisory:

• The exploit used has been identified and resolved. The server is being further hardened and extra “just in case” actions are being taken.
• No other sites in our network appear to have been accessed.
• We were able to replay the attack and log the output – identifying all accounts compromised. We have targeted an email, and this notice, to those accounts.
• Only 1 staff member was affected. Only about 40 people who have registered in 2016 and 2017. The rest are older accounts.
• Over 50% of accounts compromised never posted on the site, leading us to believe many of those were bots.
• Information taken: Email address, hashed password, and salt. Usernames were NOT taken.

The Neverstill Team that runs the forum apologized for the incident.

The improvements announced by site administrators include site-wide HTTPS support and a new 2-step authentication requirement for internal staff.