Android Forums, one of the most popular online Android communities, informed members this week that the server hosting its website has been breached, allowing attackers to access some user information.
According to representatives of Neverstill Media, which maintains Android Forums, hackers only managed to access information on 2.5 percent of active users. The compromised data includes email addresses, hashed passwords and salts.
Neverstill said usernames and financial data were not accessed. The company also noted that the breach only affected one staff member and only 40 users who registered accounts in 2016 and 2017. More than half of the compromised accounts had never posted anything on Android Forums, leading developers to believe they may have been bots.
Affected users have been notified via email and instructed to change their passwords. The passwords of impacted accounts that had not been active were automatically randomized.
The accessed information can be leveraged for spam and phishing campaigns, and users have been advised to be cautious.
“This could be someone who is upset with us who hopes to use the information against staff. They could blackmail us and threaten to publish the information publicly,” Android Forums told users.
The vulnerability exploited by the attackers has been patched and various security improvements are being made to prevent incidents in the future.
This is not the first time Android Forums has suffered a data breach. A similar incident took place in 2012, when more than one million users, including staff, had their details exposed. At the time, attackers accessed usernames, email addresses, hashed and salted passwords, IPs, and other data.
It’s unclear why usernames have not been stolen in the latest breach, but Android Forums has some theories.
“Perhaps just in case a null entry was to be found/flagged. Perhaps they were bound by the limitations of the vector they used. Perhaps they were practicing on us,” users were told. “Or, they could be comparing hashes against the previous set to see what has or has not changed.”
Related: Epic Games Forums Hacked Again
Related: User Data Stolen in Ubuntu Forums Breach
Related: Two Million Impacted by Dota 2 Forum Breach

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
