xkcd webcomic forums hit by data breach

Hackers make off with usernames, email addresses and passwords belonging to message board users

The forums of popular webcomic xkcd have been hit by a data breach, exposing the details of more than 500,000 members. The breach is alleged to have been the result of a flaw in the open-source phpBB message board software.

The breach, first reported on Sunday by Have I Been Pwned, is said to have occurred at some point in August and included usernames, email addresses, hashed passwords, and IP addresses.

Following the disclosure, the forum's administrators have taken the message board down in order to confirm their security. Affected users were also notified via email.

"We've been alerted that portions of the phpBB user table from our forums showed up in a leaked data collection," a notification on the forum's main page read. "It is likely that it was gathered up in some automated scan taking advantage of a vulnerability in the forum software."

It is unclear whether the vulnerability in phpBB, referenced by xkcd's breach notification, was already patched or whether it was a previously undiscovered flaw. The records appear to mostly be hashed using the bCrypt algorithm, although some accounts are still encrypted via the older, less secure md5 encryption method. It has been suggested that these are old, unused accounts which pre-date the forum's shift to bCrypt encryption.

"We've taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password."

xkcd - the webcomic which spawned the forums - has been running for over a decade, and has built up a cult following among techies and internet communities thanks to its focus on STEM fields. Ironically, many of its strips deal directly with password security, including one well-known example on the perceived strength of passwords.

Image from xkcd.com

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell XPS 17 (2021) review: A big laptop for big jobs
Laptops

Dell XPS 17 (2021) review: A big laptop for big jobs

10 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021