If you are an Android Forums user, the first thing that you should do even before you have completed reading this news is to login and change your password. If you have been using the same set of username and password elsewhere on the internet, please also change the same immediately.
Coming back to the news and why the warning was given in the opening note, Phandroid has recently reported that the Android Forums website has been hacked. Apparently this was done earlier this week and the hackers fled with user details of more than a million users. The data that was compromised include usernames, email addresses, hashed passwords, IP addresses from where the accounts were registered, and a host of other data which may not be that critical.
How did hackers had the Android Forums hacked? Hackers used a known exploit that the administrator of the forum, who identifies himself as “Phases”, reported to have been since corrected. Apart from that he also admits that the database has been screened along with the file system to filter out any malicious programs or uploads or even edits that can further make the whole system vulnerable to future attacks. Overall system security has been tightened and is being done so on a continuous basis so that such future attacks can be stopped. Apart from that, he has also clarified that no other sites in the same network have been hacked.
Immediately after the attack, the website had moved to resetting the password of its around 100 employees’ accounts. These accounts were critical in the sense the hackers could further disrupt services, alter data and do a lot more damage if they had accessed these accounts.
As a precautionary step, you should therefore change the password, and also make sure if you have been using the same combination in other website to change it too.