Another data breach has affected Android Forums. The last time an attack like this occurred was back in 2012, when the credentials of 1 million users were stolen.
Android Forums confirmed the breach and said that only a minority of its users were affected during this newest attack. The third party that hacked the Forums only managed to affect about 2.5% of Android Forums' active users who had registered between 2016 and 2017. One of the 40 users that were affected was, apparently, a member of the forum’s staff as well. The website administrators issued a security notice in which they claim that the exploit that was used has been identified and resolved, and that extra security has been put in place, ‘just in case’.
The compromised accounts were identified, but since more than 50% of the accounts never posted on the site, the administrators have been led to believe that many of those are bots. The administrators have reset the passwords of the accounts in question, since the stolen data included the passwords as well as email addresses and salt.
The reason for the attack is unknown, and the administrators believe that the hackers could have been on an e-mail harvesting mission. In their notice, they explained that the purpose of e-mail harvesting is to spam the collected addresses at a later time, and that most e-mail services have strong spam filters that automatically mark any suspicious emails.
They also said that one of the reasons behind the attack could be an attempt to blackmail the administration, or perhaps this was just a practice attack. They added that the hackers may have simply wanted to compare the old and new security systems and see what has changed. Another theory says that this might have been done for fun, or to see if they could do it.
The Neverstill Team has apologized for the incident and promised to strengthen security with HTTPS support and 2-step authentication requirements. They further advised a password reset even for Forum members who were not affected by this attack. Also, if the same password and security questions have been used elsewhere, the Team asked that they be changed immediately.