Android Forums confirm that its servers were compromised, leading to a data breach

Password reset notice issued after users’ email addresses and passwords were stolen

The ghosts of the data breach that affected Android Forums in 2012 seems to have revisited the popular platform for Android users once again. The credentials of 1 million users of the forum were stolen during this massive data breach.

Confirming the current data breach, Android Forums said that its servers were compromised by a third-party; however, only a minority of Android users were affected by the data breach, they added.

The website administrators of the platform in a security notice claimed that the data breach affected less than 2.5% of its active users (40 members) who had registered between 2016 and 2017. Apparently, one of the forum’s staff too was affected by the breach read  a security notice posted by Android Forums’ administrator, reports HackRead.

The Android Forums’ notification reads: “The exploit used has been identified and resolved. The server is being further hardened and extra ‘just in case’ actions are being taken. No other sites in our network appear to have been accessed.

“We were able to replay the attack and log the output – identifying all accounts compromised. We have targeted an email, and this notice, to those accounts. Over 50% of accounts compromised never posted on the site, leading us to believe many of those were bots.”

The administrators have reset the passwords of all the compromised accounts that were identified. The stolen data included hashed passwords, email addresses and salts.

While there is no clarity behind the reason for the attack, the administrators believe that this could be an e-mail harvesting attempt. In other words, whoever hacked Android Forums was looking for e-mail addresses to spam at a later time. Having said this, the attack could have also been done just for kicks. Currently, investigations are on for the data breach.

The administrators wrote: “This could simply be an e-mail harvesting attempt. A spammer could run the acquired email addresses through a validation tool, then bulk e-mail all valid emails in a spam or phishing campaign. Luckily, Gmail and similar e-mail services offer strong spam prevention that automatically filters potential spam and phishing attempts or provides warning.

“This could be someone who is upset with us who hopes to use the information against staff. They could blackmail us and threaten to publish the information publicly.”

They added: “Perhaps they were practising on us. Or, they could be comparing hashes against the previous set to see what has or has not changed. There is some chance they did this for fun to see if they could, or will not move forward with any plans after finding out we’re actively investigating. People do what they love, and hackers love to hack, there doesn’t necessarily need to be a goal in mind.”

Apologising for the incident, the Neverstill Team, which runs the site have promised to strengthen its security efforts. “Among our newest efforts is site-wide HTTPS support, as well as a new 2-step authentication requirement for our staff,” the developers said in a statement.

As a precautionary measure, we request the Android Forum users to reset their passwords as soon as possible even if you have not been affected by the data breach. Also, if the same password and security questions have been used elsewhere, we request you to have them changed urgently.


Please enter your comment!
Please enter your name here