XKCD forum breach exposes details from over 560,000 user accounts

Hackers breached the forum of the popular webcomic.
Amrita Khalid, @askhalid
September 3, 2019

XKCD, the sarcastic webcomic revered by science and tech geeks, is now the butt of someone else's joke. Hackers breached the forum of the 14-year-old site, stealing over 560,000 usernames, email addresses, IP addresses and hashed passwords. Security researcher Troy Hunt, who runs the data breach notification site Have I Been Pwned, alerted the site's administrators over the weekend. Hunt was originally tipped off about the breach by white hat hacker Adam Davies.

XKCD promptly took down its forum, and posted a short message warning users to change their passwords -- as well as any similar passwords for other accounts. "The xkcd forums are currently offline. We've been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection. The data includes usernames, email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration. We've taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password," wrote XKCD.

Hunt noted that the webcomic's forum runs on phpBB, a free and open-source bulletin board widely used across the web, and that 58 percent of the IP addresses stolen already appeared in HIBP's database from earlier breaches. As ThreatPost explained, phpBB and other DIY platforms are a popular choice for fan forums within the gaming community and are often vulnerable to attacks because they are poorly maintained and left unpatched. Still, it's unclear whether XKCD's forum was running an older version of phpBB. Engadget has reached out to XKCD for comment and will update this story if we hear back.
