The forums of the popular XKCD web comic, created by artist Randall Munroe back in 2005, have been hacked and are currently disabled until the developers are again confident in their safety.As a result of the incident, which occurred as early as the beginning of July 2019, the data of 561,991 users was compromised.
It became known about the incident when the database that leaked to the Internet was added to Have I Been Pwned, and the information security expert and analyst Adam Davis, the first to notice a compromise, provided a dump to the resource.
According to the leak aggregator, 58% of the email addresses from this dump previously appeared in the base of the platform, as they were already part of other leaks. The compromised database contained usernames, email addresses, IP addresses, as well as hashed and salted passwords stored in MD5 phpBB3 format.
“New breach: XKCD had 562k accounts breached last month. The phpBB forum exposed email and IP addresses, usernames and passwords stored in MD5 phpBB3 format. 58% of addresses were already in @haveibeenpwned”, — reported Troy Hunt, owner of the Have I Been Pwned website.
It is strongly recommended that all affected users change their passwords if they used the same or similar passwords for different accounts, since the XKCD forums dump has already been leaked to the public.
“XKCD forums are currently disabled. We were warned that some of the phpBB database tables with a list of users were detected in the leak. This data includes usernames, email addresses, hashed passwords, in some cases IP addresses from the moment of registration. Forums will be offline until we make sure of security. If you are a user of echochamber.me/xkcd, you should immediately change the password for other accounts with similar passwords”, – XKCD employees said.
User Review( votes)