Slashdot Mirror


Android Forums Hacked: 1 Million User Credentials Stolen

An anonymous reader writes "Phandroid's AndroidForums.com has been hacked. The database that powers the site was compromised and more than one million user account details were stolen. If you use the forum, make sure to change your password ASAP. From the article: 'Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.'"

  1. lol linux by Anonymous Coward · · Score: 4, Funny

    Was it run on... Linux? BWAHAHAHAHAHAH!

    Linux = FAIL.
    Windows or OS X are the only secure solutions.

    1. Re:lol linux by multiben · · Score: 4, Funny

      You're right. I'm sorry, now back to work everyone! These are serious times. Linux is the best operating system that has ever existed and nothing will ever be better than it. It is perfect and nobody should ever laugh at it. You know why? Because it's not funny! That's why. In fact, nothing is funny. Somebody told me a joke once back in 1972 and frankly I just didn't see the point. It distracted me from being serious.

    2. Re:lol linux by Tourney3p0 · · Score: 2

      If you thought that was funny, you're going to *love* this new comedian Dane Cook that's making the rounds. Not sure what operating system he uses, though.

    3. Re:lol linux by ColdWetDog · · Score: 2

      Huh?

      Whatever the hell he's going on about, he sure is upset with it.

      --
      Faster! Faster! Faster would be better!
    4. Re:lol linux by Flere Imsaho · · Score: 2

      People laughed when I said I wanted to be a comedian. Well, they're not laughing now.

      --
      It gripped her hand gently. 'Regret is for humans,' it said.
  2. Woo Hoo, big news! by Grayhand · · Score: 5, Funny

    Android forums had a million users!!!!! Take that Apple!

  3. Somebody's rushing... by war4peace · · Score: 2

    It's the third major hack in two days. Summer break boosts hacking?
    My knee-jerk reaction was that there's a new, unknown exploit out there but from the summary I see there's a "known exploit".
    At least I don't have an account there and now I am sure I never will...

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  4. Who cares? by dynamo52 · · Score: 2

    I use a unique email address and randomly generated password for every single website to which I register. I don't know if I am a member on this forum but even if I am, I'm not going to bother with changing credentials because frankly, if somebody wants to impersonate me on a forum I may have joined simply for advice on a particular product I say go for it.

    --
    Like this comment? I accept Bitcoin! - 153sc8UUBXyp12ofQqfAWDmJrzyiKCYC1x
  5. Re:Low expectations by Anubis IV · · Score: 2

    This serves as yet another reminder of the value of using a password manager that can generate unique passwords for each and every site and then store them securely. That way, when the inevitable happens, as it did here, only that one password is compromised, and it comes at no hassle to you.

    I've been using 1Password for years, but a number of folks here seem to like KeePass, and I'm sure a few kind folks will reply with more suggestions below.

  6. Forums by Archangel Michael · · Score: 4, Insightful

    Most websites are "NOT SECURE" enough, so pretending that they are is simply dangerous. Wanna know how secure that website is? The Login is not on a SSL connection. Nuff Said!

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Forums by Kozz · · Score: 2

      Most websites are "NOT SECURE" enough, so pretending that they are is simply dangerous. Wanna know how secure that website is? The Login is not on a SSL connection. Nuff Said!

      Grabbing credentials going over the wire of a non-SSL site is not at the top of my worries, but having SSL certainly gives people a false sense of security. Any idiot (well, almost) can obtain and install an SSL certificate for their webserver, but that doesn't mean said idiot remembered to lock down phpMyAdmin or any other number of stupid things.

      --
      I only post comments when someone on the internet is wrong.
  7. Re:Low expectations by Anonymous Coward · · Score: 2, Funny

    i'd love to use keepass, but i am too fucking stupid. i am going to try again right now. fucking complicated shit.

  8. Re:Screw websites that *require* a login by BronsCon · · Score: 2

    You hear that, Slashdot? Now you know how to get rid of this guy!

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  9. This is news? by thetoadwarrior · · Score: 4, Funny

    Some low budget Android site gets hacked and we feel the need to talk about it? It's a fucking PHP based site. I'm surprised it's not being hacked in between each restart to recover from memory leaks.

  10. The known exploit by wbr1 · · Score: 3, Funny

    androidforums.com runs on a cluster of old phones. A simple android root program injected into the php was all that was needed :P

    --
    Silence is a state of mime.
  11. And, To Fulfil the Irony.... by rueger · · Score: 2

    It appears that the change password page is Slashdotted - I can't get more than one character into the form before it freezes up.

    Good thing it's still using the old password that I used for forums before the great LinkedIn password crisis!

    1. Re:And, To Fulfil the Irony.... by cerberusss · · Score: 2

      It appears that the change password page is Slashdotted

      It's the password that I only use for all my forum accounts, so I don't really care if it's hacked or not. Should I post stupid stuff, then it's just the silly Android Forums hacker.

      --
      8 of 13 people found this answer helpful. Did you?
    2. Re:And, To Fulfil the Irony.... by cerberusss · · Score: 5, Funny

      It's the password that I only use for all my forum accounts, so I don't really care if it's hacked or not. Should I post stupid stuff, then it's just the silly Android Forums hacker.

      HAHAHA DISREGARD THAT, I SUCK COCKS

      --
      8 of 13 people found this answer helpful. Did you?
  12. Re:Low expectations by Ded Bob · · Score: 2

    I just wanted to mention that KeePassX runs on UNIX systems.

  13. Please use OpenID by Galestar · · Score: 2

    That is all.

    --
    AccountKiller
  14. Original Source by izomiac · · Score: 4, Informative

    Here is the original source, with more information and less sensationalism. They aren't sure if any user information was downloaded, but are treating this as a full breach. To their credit, they at least hashed the passwords, and chose to inform their userbase rather than sit on it until they figured out if any user data was actually stolen or not.

    1. Re:Original Source by DaScribbler · · Score: 2

      Here is the original source, with more information and less sensationalism. They aren't sure if any user information was downloaded, but are treating this as a full breach. To their credit, they at least hashed the passwords, and chose to inform their userbase rather than sit on it until they figured out if any user data was actually stolen or not.

      No, they only informed those who actively frequent their site, since all they did was post a warning at the top of the forums page. They took no steps beyond that. They didn't bother to send out a mass email to their registered users. I didn't learn about it until yesterday, 3 days after the breach, and that's only because I read it here on slashdot. If I hadn't read about it here, it would probably have been another 5 or 6 days before I learned about it, since that's about how often I frequent their site.

  15. Does this mean.. by 0ld_d0g · · Score: 4, Funny

    They open sourced the passwords? :-P