Data hacking has been a great challenge for digital platforms and communities in recent years.
In fact, a majority of online platforms spend most of their resources on data security.
Though new hi-tech data security measures are being improved and developed at an unprecedented pace, hackers have been staying a few steps ahead.
Many reputable digital platforms have fallen victims to hacking attempts, with Android Forums being the latest victim.
After a similar attack in 2012, the website is fighting a similar data breach this year.
In the 2012 hacking, more than 1 million users’ data was stolen during the attack.
According to Phandroid, they have confirmed their website got hacked using a known exploit by a third party.
The site moderator was quick to note that only a small number of the users were affected by the breach.
The information that was accessed according to the administrators included email addresses, hashed passwords, and salt.
According to the data breach notice, only 40 members who registered in 2016 and 2017 were affected, with the other accounts being older.
They also noted that more than half of the accounts never posted in the forums, possibly being bots.
Moderator Explanation
The moderator “Phases” has clarified that the compromised accounts have been identified and their passwords reset.
The company immediately notified the affected members by sending the password reset notice to their associated emails.
But to ensure to the users that everything was under control, the administrator put across the following facts The security team was able to replicate the attack and log the results and process, thus identifying all of the accounts that were compromised.The affected accounts have been emailed and sent the security notice.
- They have identified the exploit and resolved it immediately. They have also hardened their server and taken extra actions to prevent a similar hacking from recurring or anything malicious from happening.
- Considering the magnitude of the threat if staff accounts were hacked, the website notified all its 100 staff members for a random password change. This has enhanced site protection from devastating hacking attempts.
- None of their other sites were affected by the hacking, and thus they are treating this as an isolated case.
Motive for the Hacking
According to phases, he believes that the hacking could have been an attempt to harvest emails.
This is a common objective for the purpose of spamming or a phishing campaign.
But the affected users may not have much to worry about since Gmail and other email services offer strong protection against spam and phishing attempts.
The moderator could not rule out the possibilities of a hacker who is upset with the website and just wanted to use the information either for blackmail or against any of the staff, or a hacker doing it for fun or to practice their hacking skills.
These are just some of the theories trying to explain the hacking motive.
Regardless of motive, the breach has not been taken lightly by the company.
The Neverstill Team, which runs Android Forums has apologized for the data breach and promised to strengthen its security efforts.
Among the newest measures that they have taken is site-wide HTTPS support which they believe will deter future hacking attempts.
The developer has also introduced 2-step authentication requirement for the website staff to reduce the chances of their account being hacked.
For those who were affected by the hacking, they are advised to change their passwords immediately.
For the affected member are using the same email and password elsewhere, they are also advised to change their passwords ASAP.
Though the attack could have done ‘just for fun’, the developer is seriously investigating the breach.