Android Forums Hacked: 1 Million User Credentials Stolen
An anonymous reader writes "Phandroid's AndroidForums.com has been hacked. The database that powers the site was compromised and more than one million user account details were stolen. If you use the forum, make sure to change your password ASAP. From the article: 'Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.'"
lol linux (Score:4, Funny)
Was it run on... Linux? BWAHAHAHAHAHAH!
Linux = FAIL.
Windows or OS X are the only secure solutions.
Re: (Score:1, Offtopic)
Re:lol linux (Score:5, Funny)
Re: (Score:2)
Re: (Score:3)
Huh?
Whatever the hell he's going on about, he sure is upset with it.
Re: (Score:1)
Hey, stop speaking like a '00s guy. Here in the '10s we shortened that to a concise "he mad".
Re: (Score:2)
He's either complaining about Windows Phone, or complaining about iOS. Presumably he needs to get out more.
Re: (Score:1)
It wasn't funny to you, probably because you're a Lintard. To some though, it was funny. You're not funny at all. In fact, you're rather sad.
Yeah sure. It's like George Carlin's rules of the road. Anybody who drives slower than you is STUPID. Anybody who drives faster than you is CRAZY.
It's like that with insecure people and humor too. Anybody who didn't think the joke was funny was obviously too stupid to get it. Oh, if only they were graced with your wit and your sense of humor!
Clearly they are some kind of *tard. Oh was it about Linux? Yes, Lintard. That's what they are.
Course the difference between a comedian and a +5 Funny
Re: (Score:2)
Anybody who drives faster than you is a MANIAC!
FTFY
Re: (Score:2)
Re: (Score:2)
People laughed when I said I wanted to be a comedian. Well, they're not laughing now.
Re: (Score:2)
It wasn't funny. Damn sure wasn't insightful or informative. Maybe inciteful.
It was both funny and insightful, you just haven't accepted the way it applies to you.
Re: (Score:2)
It wasn't funny.
I disagree. I'm certain that scores of 12-year-olds found it hilarious.
Re: (Score:2)
Re: (Score:2)
I thought you were introducing a new linux distro.
Re: (Score:1)
Woo Hoo, big news! (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Androids forums had a million users!!!!! Take that Apple!
To go to StarBucks and work on our screenplays we have to go outside!! Take that, Linux basement dwellers!
Re: (Score:2)
Androids forums had a million users!!!!! Take that Apple!
Yeah, where's the forums app on my iToy?
Somebody's rushing... (Score:3)
It's the third major hack in two days. Summer break boosts hacking?
My knee-jerk reaction was that there's a new, unknown exploit out there but from the summary I see there's a "known exploit".
At least I don't have an account there and now I am sure I never will...
Re: (Score:2)
Re: (Score:1)
Re: (Score:3)
This serves as yet another reminder of the value of using a password manager that can generate unique passwords for each and every site and then store them securely. That way, when the inevitable happens, as it did here, only that one password is compromised, and it comes at no hassle to you.
I've been using 1Password [agilebits.com] for years, but a number of folks here seem to like KeePass [keepass.info], and I'm sure a few kind folks will reply with more suggestions below.
Re: (Score:2, Funny)
Re: (Score:2)
That sounds less secure to me, since a simple rubber hose and some pliers applied to you can result in the recovery of those passwords. In contrast, I don't even know the vast majority of mine, offering me plausible deniability. You'd have to not only gain access to me, but also my encrypted database of passwords in order to get access to mine (and since the company behind 1Password has demonstrated a willingness to update and improve their encryption in the past, I expect that they'll continue to keep up w
Re: (Score:2)
That's great, but who remembers the one password to your encrypted database of passwords?
Re: (Score:2)
I do, of course, but as I said, they'd have to grab both me and the database in order to use the rubber hose method, whereas AC's technique requires no database, since the palace he's talking about is a memory retention technique, meaning that grabbing him would mean grabbing the database at the same time. I'm not suggesting mine is immune to rubber-hosing, just that it requires one more step to be possible, making it a bit more secure.
Re: (Score:2)
That sounds less secure to me, since a simple rubber hose and some pliers applied to you can result in the recovery of those passwords. In contrast, I don't even know the vast majority of mine, offering me plausible deniability.
"Plausible deniability" is a piece of legal weaselling, not a way of stopping someone slicing your balls off with a cheesewire.
Re: (Score:2)
Sure...but it keeps my passwords secure! ;)
Re: (Score:1)
Re: (Score:3)
Re: (Score:2)
Yep, and KeePassDroid [google.com] on Android.
Who cares? (Score:3)
Re: (Score:2)
Link... (Score:2)
Forums (Score:5, Insightful)
Most websites are "NOT SECURE" enough, so pretending that they are is simply dangerous. Wanna know how secure that website is? The Login is not on a SSL connection. Nuff Said!
Re: (Score:3)
Most websites are "NOT SECURE" enough, so pretending that they are is simply dangerous. Wanna know how secure that website is? The Login is not on a SSL connection. Nuff Said!
Grabbing credentials going over the wire of a non-SSL site is not at the top of my worries, but having SSL certainly gives people a false sense of security. Any idiot (well, almost) can obtain and install an SSL certificate for their webserver, but that doesn't mean said idiot remembered to lock down phpMyAdmin [google.com] or any other number of stupid things.
Re: (Score:2)
So, how exactly does SSL help with, say, SQL injection or a buffer overflow?
Just because a website is using SSL, doesn't mean that the webmaster has a clue what it's doing.
Re: (Score:3)
Re: (Score:1)
This is news? (Score:5, Funny)
The known exploit (Score:4, Funny)
And, To Fulfil the Irony.... (Score:3)
Good thing it's still using the old password that I used for forums before the great LinkedIn password crisis!
Re: (Score:3)
It appears that the change password page [androidforums.com] is Slashdotted
It's the password that I only use for all my forum accounts, so I don't really care if it's hacked or not. Should I post stupid stuff, then it's just the silly Android Forums hacker.
Re:And, To Fulfil the Irony.... (Score:5, Funny)
It's the password that I only use for all my forum accounts, so I don't really care if it's hacked or not. Should I post stupid stuff, then it's just the silly Android Forums hacker.
HAHAHA DISREGARD THAT, I SUCK COCKS
Re: (Score:2)
Is this the new hype? (Score:2)
Hacking sites to leak 100 thousands of passwords? This is the fourth recent case I know of.
Please use OpenID (Score:3)
Original Source (Score:4, Informative)
Re: (Score:2)
Here [androidforums.com] is the original source, with more information and less sensationalism. They aren't sure if any user information was downloaded, but are treating this as a full breach. To their credit, they at least hashed the passwords, and chose to inform their userbase rather than sit on it until they figured out if any user data was actually stolen or not.
No, they only informed those who actively frequent their site, since all they did was post a warning at the top of the forums page. They took no steps beyond that. They didn't bother to send out a mass email to their registered users. I didn't learn about it until yesterday, 3 days after the breach, and that's only because I read it here on slashdot. If I hadn't read about it here, it would probably have been another 5 or 6 days before I learned about it, since that's about how often I frequent their site.
Fuck It (Score:2)
Let's just make everything public.
Re: (Score:2)
Note: The above only applies to forum/blog style sites and not private (bank, corporate, etc) sites that hold *confidential* information.
Does this mean.. (Score:5, Funny)
They open sourced the passwords? :-P
Will they become... (Score:1)