Security Experts:

562,000 Impacted in XKCD Forum Data Breach

The XKCD forum has been taken offline after suffering a data breach that impacted 562,000 subscribers.

The forum is associated with XKCD, a webcomic that American author Randall Munroe created in 2005, and which is described in its tagline as “A webcomic of romance, sarcasm, math, and language.”

The data leaked from the forum breach was added to the Have I Been Pwned (HIBP) website over the weekend, but the incident apparently took place two months earlier, on July 1, 2019.

Troy Hunt’s breach alerting website reveals that data exposed in the attack includes usernames, email and IP addresses, and passwords stored in MD5 phpBB3 format. phpBB is a free and open-source bulletin board software solution built in PHP.

“The xkcd forums are currently offline. We've been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection. The data includes usernames, email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration,” a message on the XKCD forum reads.

The administrators apparently decided to take the forums offline to investigate whether the affected accounts are secure or not.

“We’ve taken the forums offline until we can go over them and make sure they're secure. If you're an forums user, you should immediately change your password for any other accounts on which you used the same or a similar password,” the message continues.

Troy Hunt’s HIBP website already contained 58% of the leaked addresses, from previous data breaches.

Hunt received the leaked data from white hat security researcher and data analyst Adam Davies.

Related: Capital One Discloses Massive Data Breach: 106 Million Impacted

Related: Millions of Toyota Customers in Japan Hit by Data Breach

view counter