Android Forums resets passwords after hack

Share this…

Only 2.5 per cent of userbase affected. Add Android Forums to the growing list of web properties that have suffered a security breach.

One in 40 members of the forum (2.5 per cent) were exposed by the hack. Moderators said they’ve been able to identify potential compromised accounts, the passwords of which have been reset. Many of the affected accounts were older and half of them had never posted to Android Forums.

Information taken includes email addresses, hashed passwords, and salt. The administrators speculate that targeted phishing emails by crooks may follow, so extra vigilance is advised. Even those not directly affected by the incident are advised to change their passwords, as a precaution.

The Neverstill Team, which runs the site, apologised for the incident and promised to “reinvigorate” its security efforts. “Among our newest efforts is site-wide HTTPS support, as well as a new 2-step authentication requirement for our staff,” a statement by the developers added.

Android Forums’ breach notice

El Reg learned of the breach following a tip-off from a reader who was notified of the problem. Members of the site can find its breach notification statement here (registration required).