Hackers have allegedly obtained accounts belonging to employees of Google, Apple, Samsung and other tech firms by breaching a forum that developers commonly use for a variety of purposes, including computer design and game development. The data comes from the Khronos website.
Accounts belonging to employees of other tech giants, including IBM, Panasonic, VMware, EA, Toshiba, Intel, Sony Ericsson and more, have also reportedly been stolen by the hackers. It is likely that the stolen data has been kept private among a group of hackers. According to a report by Motherboard, which was provided an SQL file of nearly 3,000 accounts for the breached Khronos site, the data exposed included email addresses, usernames, plaintext passwords, sign-up IP addresses and dates, and in certain cases physical addresses.
It is still unclear how many users have been affected by the breach. Although Motherboard has notified Khronos of the breach, the firm has yet to make an official statement either confirming or denying it. "Khronos Membership puts your company at the forefront of the development of these APIs, and lets you collaborate with over 100 industry-leading member companies across the globe," reads the company membership website.
The email addresses and usernames of 18 accounts have reportedly been tested and found to correspond to accounts on the breached site. The data dump included the exposed account of an unnamed renowned security researcher, who confirmed that details including sign-up date, password and IP address appeared to be accurate.
Fortunately, unlike the layperson, most developers do not fall into the trap of password reuse. One victim of the breach told Motherboard that he generates unique passwords for every site with the help of a password manager. This means the hackers will not be able to use the password from the victim's stolen account to access his other accounts. However, most of the other passwords examined were reportedly found to be fairly weak and predictable.
The breach is yet another reminder of the dangers posed by the practice of password reuse. Previous high-profile data breaches sustained by tech giants like LinkedIn, MySpace and others also showed how hackers can exploit users' habit of reusing passwords to hack into other accounts. Users have since been advised to abandon the practice, generate unique and strong passwords for each of their accounts, and activate two-factor authentication as an added security measure.
IBTimes UK has reached out to Khronos Group for further comment on the breach and is awaiting a response.