Hacking XKCD Web Comic Forums Affected 562,000 Users

The forums of the popular XKCD web comic, created by artist Randall Munroe back in 2005, have been hacked and are currently disabled until the developers are again confident in their safety.

It became known about the incident when the database that leaked to the Internet was added to Have I Been Pwned, and the information security expert and analyst Adam Davis, the first to notice a compromise, provided a dump to the resource.

According to the leak aggregator, 58% of the email addresses from this dump previously appeared in the base of the platform, as they were already part of other leaks. The compromised database contained usernames, email addresses, IP addresses, as well as hashed and salted passwords stored in MD5 phpBB3 format.

“New breach: XKCD had 562k accounts breached last month. The phpBB forum exposed email and IP addresses, usernames and passwords stored in MD5 phpBB3 format. 58% of addresses were already in @haveibeenpwned”, — reported Troy Hunt, owner of the Have I Been Pwned website.

Read also: Media: discovered by Google iPhone hackers also attacked Android and Windows users

It is strongly recommended that all affected users change their passwords if they used the same or similar passwords for different accounts, since the XKCD forums dump has already been leaked to the public.

“XKCD forums are currently disabled. We were warned that some of the phpBB database tables with a list of users were detected in the leak. This data includes usernames, email addresses, hashed passwords, in some cases IP addresses from the moment of registration. Forums will be offline until we make sure of security. If you are a user of echochamber.me/xkcd, you should immediately change the password for other accounts with similar passwords”, – XKCD employees said.