Android Forums hack prompts password resets after users' email addresses and passwords stolen

Android Forums has reportedly confirmed that hackers compromised its servers, leading to a data breach. The forum, which is a highly popular platform with Android users, claimed that the breach affected only a minority of its users. Android Forums has since initiated password resets for all affected users and has claimed to boost its security by adopting new measures, including implementing HTTPS support for their site, two-step authentication for staff and passwords randomising for inactive accounts.

The breach also affected one of the forums' staff, according to a security notice posted by Android Forums' administrator, HackRead reported. The administrators of the platform claimed that the data breach affected "less than 2.5% of our active users" and that the hackers were able to access only a limited amount of data.

The Android Forums' notification reads: "The exploit used has been identified and resolved. The server is being further hardened and extra 'just in case' actions are being taken. No other sites in our network appear to have been accessed.

"We were able to replay the attack and log the output - identifying all accounts compromised. We have targeted an email, and this notice, to those accounts. Over 50% of accounts compromised never posted on the site, leading us to believe many of those were bots."

The data stolen included email addresses, hashed passwords and salts. However, Android Forums claimed that no usernames were accessed by the hackers. Only 40 members of the forum, who registered in 2016 and 2017, were affected by the breach.

The details of the cyberattack remain unclear, but the site's administrators have speculated about the possible reasons behind the hack.

The administrators wrote: "This could simply be an e-mail harvesting attempt. A spammer could run the acquired email addresses through a validation tool, then bulk e-mail all valid emails in a spam or phishing campaign. Luckily, Gmail and similar e-mail services offer strong spam prevention that automatically filters potential spam and phishing attempts or provides warning.

"This could be someone who is upset with us who hopes to use the information against staff. They could blackmail us and threaten to publish the information publicly."

They added: "Perhaps they were practising on us. Or, they could be comparing hashes against the previous set to see what has or has not changed. There is some chance they did this for fun to see if they could, or will not move forward with any plans after finding out we're actively investigating. People do what they love, and hackers love to hack, there doesn't necessarily need to be a goal in mind."