Android Forums, a popular platform for Android users, has announced that its servers were accessed by a third party, resulting in a data breach.
In the security notice, the website's administrator wrote that 40 forum members (2.5 percent) who registered between 2016 and 2017 had their accounts compromised. Nearly 50% of the affected accounts have never posted on the forum at all, which leads to the conclusion that they are not real users to begin with, but bots.
The stolen data contains hashed passwords, email addresses, and salts, but none of the usernames were taken. The good news is that all of these passwords have been reset.
The investigation is still in progress, so it is too early to assume what happened or how the attackers were able to access the database. The administrators believe, however, that it could be the result of a phishing attack.
It should be noted that one of the forum's staff members was also impacted by a breach, which is not surprising, since attackers are successfully cracking passwords from previous data breaches and then using them in later attacks.
The forum is implementing some new security measures, which include site-wide HTTPS support, a 2-step authentication requirement for staff, and randomizing the passwords of inactive accounts.
This is not the first time Android Forums has had security issues. Back in 2012, the forum suffered a massive data breach in which the credentials of 1 million users were stolen.
At the time of publishing this article, Android Forums was down for scheduled maintenance, but you can still read the security notice via Google Cache.