Establishing Digital Trust: Don't Sacrifice Security for Convenience
The server hosting the AndroidForums.com Web site was recently compromised, and the Web site's database was accessed.
"Phandroid.com, which operates Androidforums.com, told users that hackers had breached a back-end database that powers AndroidForums.com, an online bulletin board for Android users and developers," writes Threatpost's Paul Roberts. "In a post on the forum, an administrator using the handle 'Phases' said that hackers breached the forums using a known exploit and that a list of AndroidForums.com users was accessed and possibly downloaded."
"This was, in our current opinion, most likely an e-mail harvesting attempt," an official note states. "A spammer could theoretically attempt to bulk e-mail all AF users with the user database. Luckily, Gmail and similar e-mail services offer a 'spam' button that helps it to collectively identify and automatically filter potential spam. It's also absolutely possible that nothing of consequence happened. There is some chance they did not get enough of the database to matter, did this for fun to see if they could, or will not move forward with any plans after finding out we're actively investigating. This is a serious offense and you can best bet we are doing just that."
"The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information," writes ZDNet's Emil Protalinski. "At the time of writing, the forum listed 1,034,235 members. If you are one of them, you should change your password: go to your UserCP or use the Forgot your password? function. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well."