xkcd webcomic forums hit by data breach

Hackers make off with usernames, email addresses and passwords belonging to message board users

The forums of popular webcomic xkcd have been hit by a data breach, exposing the details of more than 500,000 members. The breach is alleged to have been the result of a flaw in the open-source phpBB message board software.

The breach, first reported on Sunday by Have I Been Pwned, is said to have occurred at some point in August and included usernames, email addresses, hashed passwords, and IP addresses.

Following the disclosure, the forum's administrators have taken the message board down in order to confirm their security. Affected users were also notified via email.

"We've been alerted that portions of the phpBB user table from our forums showed up in a leaked data collection," a notification on the forum's main page read. "It is likely that it was gathered up in some automated scan taking advantage of a vulnerability in the forum software."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

It is unclear whether the vulnerability in phpBB, referenced by xkcd's breach notification, was already patched or whether it was a previously undiscovered flaw. The records appear to mostly be hashed using the bCrypt algorithm, although some accounts are still encrypted via the older, less secure md5 encryption method. It has been suggested that these are old, unused accounts which pre-date the forum's shift to bCrypt encryption.

"We've taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password."

xkcd - the webcomic which spawned the forums - has been running for over a decade, and has built up a cult following among techies and internet communities thanks to its focus on STEM fields. Ironically, many of its strips deal directly with password security, including one well-known example on the perceived strength of passwords.

Image from xkcd.com

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020