xkcd webcomic forums hit by data breach

Hackers make off with usernames, email addresses and passwords belonging to message board users

The forums of popular webcomic xkcd have been hit by a data breach, exposing the details of more than 500,000 members. The breach is alleged to have been the result of a flaw in the open-source phpBB message board software.

The breach, first reported on Sunday by Have I Been Pwned, is said to have occurred at some point in August and included usernames, email addresses, hashed passwords, and IP addresses.

Following the disclosure, the forum's administrators have taken the message board down in order to confirm their security. Affected users were also notified via email.

Advertisement - Article continues below

"We've been alerted that portions of the phpBB user table from our forums showed up in a leaked data collection," a notification on the forum's main page read. "It is likely that it was gathered up in some automated scan taking advantage of a vulnerability in the forum software."

It is unclear whether the vulnerability in phpBB, referenced by xkcd's breach notification, was already patched or whether it was a previously undiscovered flaw. The records appear to mostly be hashed using the bCrypt algorithm, although some accounts are still encrypted via the older, less secure md5 encryption method. It has been suggested that these are old, unused accounts which pre-date the forum's shift to bCrypt encryption.

Advertisement
Advertisement - Article continues below

"We've taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password."

Advertisement - Article continues below

xkcd - the webcomic which spawned the forums - has been running for over a decade, and has built up a cult following among techies and internet communities thanks to its focus on STEM fields. Ironically, many of its strips deal directly with password security, including one well-known example on the perceived strength of passwords.

Image from xkcd.com

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Most Popular

Visit/business-strategy/careers-training/356422/ibm-job-ad-calls-for-12-year-experience-with-6-year-old
Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Visit/development/containers/356391/the-rise-of-containers
Sponsored

The rise of containers

9 Jul 2020
Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020