Security Experts:

Phandroid User Forums Breached - 1M Accounts Likely Targeted

Phandroid, a web site dedicated to Android news and discussion, is urging all of its users – more than a million of them in fact – to change their passwords after a server hosting their online forum was hacked earlier this week. News of this latest compromise comes after a string of security incidents this month, leaving some to wonder what’s next.

The successful attack on Phandroid was made possible due to a vulnerability on the forum’s server, which led to the database compromise. On Tuesday, the forum’s administrator said that the vulnerability was patched, and that developers combed the database and file systems for malicious edits. None were found.

“I was informed by our sever/developer team that the server hosting androidforums.com was compromised and the website's database was accessed. While the breach is most likely harmless there are important and potential pitfalls,” the admin, Phases, said in a post.

The breach exposed the forum’s database user table, which led the website to assume the worst. The data housed in the table includes, usernames, passwords (random unique salts per users, with an unknown hashing method), registration IP address, email addresses, and more.

“This was, in our current opinion, most likely an e-mail harvesting attempt. A spammer could theoretically attempt to bulk e-mail all [users] with the user database...With a username and hashed password one could open a session with accounts on other sites that use the same credentials - if they gain file level access to that site first. These were salted passwords which adds to the complexity, but nonetheless we recommend playing it safe.”

This has been a nightmare week for several organizations. Included with the likely exposure of 1 million accounts on Phandroid, Yahoo is investigating a breach that led to the loss of 450,000 records, while social networking site Formspring lost 420,000 hashed passwords. On top of this, Best Buy reported an uptick in hacking attempts on their users accounts, and popular web hosting control panel Plesk was linked to a run of 50,000 website compromises.

If anything, security teams are going to enjoy some generous overtime, but it’s unfortunate that it is because of digital pain and suffering.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.