Security Brief: Yahoo!, NVIDIA, AndroidForums, Formspring, Nexus Q Hacked

The week that is about to pass can clearly be called the “week of the hack,” the list of victims being comprised by high-profile companies such as Yahoo!, Phandroid’s AndroidForums, Formspring, NVIDIA and Billabong. While we haven’t been able to confirm it, PBS and the World Health Organization may have also been breached.

Not everything that was hacked in the past few days is in the website category. Developers managed to hack Google’s Nexus Q, allowing users to “free” their devices and install all sorts of apps and games such as Netflix and Angry Birds.

Regarding the website hacks, it started with Formspring. The owners of the social media network reset the passwords of all their customers after learning that a number of 420,000 password hashes were published on a forum.

It continued with Yahoo!. A Romanian hacker group called D33Ds Company leaked over 450,000 clear text passwords and their associated usernames. The company has confirmed the incident and claims to have addressed the security holes, but experts believe that the entire situation may be much worse than the firm leads us to believe.

Phandroid handled the situation rather well. After learning that its AndroidForums database became exposed, they immediately advised users to change their passwords.

The fact that customers have been recommended to change their passwords is not uncommon, but the fact that the company has taken into perspective all the misuse possibilities is a decision for which we applaud them.

Billabong, the renowned clothing manufacturer, was forced to shut down its website after hackers stole 35,000 customer passwords.

With NVIDIA, it’s a bit more complicated. The company admitted that its forums were breached, but the hackers who took credit for the attack claimed that the shop was also compromised.

This week we also learned that the mobile spam botnet might be the result of a vulnerability that affects the Yahoo! Mail app for Android.

Another interesting topic we covered was the interview with UGNazi member Cosmo on the recent arrests. And speaking of arrests, the carding operation conducted by US authorities is not over yet. Three other individuals have been apprehended this month, bringing the total number of suspects to 27.

Finally, we learned that grand theft auto (the crime, not the game) and hacking have a lot in common. Also, did you know that road signs can be hacked?