xkcd webcomic forums hit by data breach
Hackers make off with usernames, email addresses and passwords belonging to message board users
The forums of popular webcomic xkcd have been hit by a data breach, exposing the details of more than 500,000 members. The breach is alleged to have been the result of a flaw in the open-source phpBB message board software.
The breach, first reported on Sunday by Have I Been Pwned, is said to have occurred at some point in August and included usernames, email addresses, hashed passwords, and IP addresses.
Following the disclosure, the forum's administrators have taken the message board down in order to confirm their security. Affected users were also notified via email.
"We've been alerted that portions of the phpBB user table from our forums showed up in a leaked data collection," a notification on the forum's main page read. "It is likely that it was gathered up in some automated scan taking advantage of a vulnerability in the forum software."
It is unclear whether the vulnerability in phpBB, referenced by xkcd's breach notification, was already patched or whether it was a previously undiscovered flaw. The records appear to mostly be hashed using the bCrypt algorithm, although some accounts are still encrypted via the older, less secure md5 encryption method. It has been suggested that these are old, unused accounts which pre-date the forum's shift to bCrypt encryption.
"We've taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password."
xkcd - the webcomic which spawned the forums - has been running for over a decade, and has built up a cult following among techies and internet communities thanks to its focus on STEM fields. Ironically, many of its strips deal directly with password security, including one well-known example on the perceived strength of passwords.
Image from xkcd.com
Five lessons learned from the pivot to a distributed workforce
Delivering continuity and scale with a remote work strategyDownload now
Connected experiences in a digital transformation
Enable businesses to meet the demands of the futureDownload now
Simplify to secure
Reduce complexity by integrating your security ecosystemDownload now
Enhance the safety and security of your people, assets and operations
Enable a true vision of security with an engineered solution based on hyperconverged and storage platformsDownload now