Latest in Security

Image credit: zefart via Getty Images

XKCD forum breach exposes details from over 560,000 user accounts

Hackers breached the forum of the popular webcomic.
196 Shares
Share
Tweet
Share
Save

Sponsored Links

zefart via Getty Images

XKCD, the sarcastic webcomic revered by science and tech geeks, is now the butt of someone else's joke. Hackers breached the forum of the 14-year old site, stealing over 560,000 usernames, emails, IP addresses and hashed passwords. Security researcher Troy Hunt, who owns the data breach website Have I Been Pwned, alerted the site's administrators over the weekend. Hunt was originally tipped off about the breach by white hat hacker Adam Davies.

XKCD promptly took down its forum, and posted a short message warning users to change their passwords -- as well as any similar passwords for other accounts. "The xkcd forums are currently offline. We've been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection. The data includes usernames, email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration. We've taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password," wrote XKCD.

Hunt noted that the webcomic's forum uses phpBB, a free and open-source bulletin board widely used across the web, and that 58 percent of the IP addresses stolen already appeared on HIBP's database. As ThreatPost explained, phpBB and other DIY platforms are a popular choice for fan forums within the gaming community and are often vulnerable to attacks due to being poorly maintained. Still, it's unclear whether XKCD's forum was running an older version of phpBB. Engadget has reached out to XKCD for comment, and will update if we hear back.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
196 Shares
Share
Tweet
Share
Save

Popular on Engadget

LastPass patched a bug that could have exposed your passwords

LastPass patched a bug that could have exposed your passwords

View
Amazon's Fire tablets and Kindles are on sale for Prime members

Amazon's Fire tablets and Kindles are on sale for Prime members

View
How to buy a gaming headset

How to buy a gaming headset

View
OnePlus will unveil the 7T on September 26th

OnePlus will unveil the 7T on September 26th

View
Vivo's NEX 3 is a bezel-less 5G phone with a 64-megapixel camera

Vivo's NEX 3 is a bezel-less 5G phone with a 64-megapixel camera

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr