Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

562,000 Impacted in XKCD Forum Data Breach

The XKCD forum has been taken offline after suffering a data breach that impacted 562,000 subscribers.

The forum is associated with XKCD, a webcomic that American author Randall Munroe created in 2005, and which is described in its tagline as “A webcomic of romance, sarcasm, math, and language.”

The XKCD forum has been taken offline after suffering a data breach that impacted 562,000 subscribers.

The forum is associated with XKCD, a webcomic that American author Randall Munroe created in 2005, and which is described in its tagline as “A webcomic of romance, sarcasm, math, and language.”

The data leaked from the forum breach was added to the Have I Been Pwned (HIBP) website over the weekend, but the incident apparently took place two months earlier, on July 1, 2019.

Troy Hunt’s breach alerting website reveals that data exposed in the attack includes usernames, email and IP addresses, and passwords stored in MD5 phpBB3 format. phpBB is a free and open-source bulletin board software solution built in PHP.

“The xkcd forums are currently offline. We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection. The data includes usernames, email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration,” a message on the XKCD forum reads.

The administrators apparently decided to take the forums offline to investigate whether the affected accounts are secure or not.

“We’ve taken the forums offline until we can go over them and make sure they’re secure. If you’re an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password,” the message continues.

Troy Hunt’s HIBP website already contained 58% of the leaked addresses, from previous data breaches.

Hunt received the leaked data from white hat security researcher and data analyst Adam Davies.

Related: Capital One Discloses Massive Data Breach: 106 Million Impacted

Related: Millions of Toyota Customers in Japan Hit by Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.