Hackers Attack Online Android Forum, Access User Data

Users have been advised to change their passwords since Tuesday.
By John Ribeiro
News Jul 13th 2012

Android Forums, an online forum for Android users, was the target of a hacker attack which could have led to user information including passwords getting compromised, its operator said.

Members of Android Forums have been asked to change their passwords ever since Tuesday, after it was found that the server hosting the forum was compromised and the website's database was accessed. The forum has over 1 million users.

"The user table of AndroidForum's database was (at a minimum) accessed," an Android Forums Community Manager, called Phases, said in a post on the website on Tuesday. He said it was completely possible that data was downloaded, and the forum has taken action assuming that it was.

Information in the user database included information such as unique IDs, usernames, emails, hashed and 'salted' passwords, and registration IP addresses, according to the post. A hash is a cryptographic representation of a password, and salted hashes involve inserting random characters into the hash.

Following the incident, passwords were changed to random strings, starting with those of about 100 staff. All code in the database and the file system was also reviewed for malicious edits and uploads, and it was checked that other sites on the network were not accessed.