The owners of Phandroid.com are advising AndroidForum.com users to change their passwords after they learned that the website’s database has been breached.
According to Phandroid.com representatives, the security hole that allowed the hackers to gain access to the information has been patched up and, fortunately, no other sites from their networks appear to have been compromised.
It’s uncertain at this time if the database that contained usernames, email addresses, hashed and salted passwords, and IP addresses has been downloaded.
“This was, in our current opinion, most likely an e-mail harvesting attempt. A spammer could theoretically attempt to bulk e-mail all AF users with the user database. Luckily, GMail and similar e-mail services offer a "spam" button that helps it to collectively identify and automatically filter potential spam,” users were told
There are several reasons why the hackers may have targeted the forum. They might want to use the information for identity theft, blackmail, or to determine the location of a certain users.
It’s also possible that the attackers may have wanted to obtain information on the discussion board’s staff.
“With a username and hashed password one could open a session with accounts on other sites that use the same credentials - if they gain file level access to that site first. These were salted passwords which adds to the complexity, but nonetheless we recommend playing it safe,” the security breach notice added.
To protect their details, customers are recommended to immediately change their passwords via the UserCP or by accessing the “forgot your password?” section.
This isn’t the only important data breach we’ve witnessed in the past days. User details have also been leaked from social media website Formspring
and from Yahoo! Contributor Network.
Both Formspring and Yahoo! have confirmed
the breaches and advised members to change their passwords.