XKCD Forum Hacked – Over 562,000 Users’ Account Details Leaked

XKCD, one of the most popular webcomic platforms, known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language, has suffered a data breach exposing data of its forum users.

The security breach happened two months ago, according to security researcher Troy Hunt, who alerted the company of the incident, with unknown hackers stealing around 562,000 usernames, email and IP addresses, as well as hashed passwords.

However, the leaked data was actually discovered by security researcher and data analyst Adam Davies, who shared a copy of it with Hunt.

At the time of writing, XKCD has taken down its forum and posted a short notice on its homepage, as shared below, urging its users to change their passwords immediately.

“The xkcd discussion boards are currently offline. We have been alerted that portions of the PHPBB user table from our boards showed up in a leaked data collection. The data includes usernames, e-mail addresses, salted, hashed passwords, and in some cases, an IP address from the time of registration.”

“We have taken the discussion boards offline until we can go over them and make sure they’re secure. If you’re an echochamber.me/xkcd discussion boards user, you should immediately change your password for any other accounts on which you used the same or a similar password.”

The forum administrators are also notifying affected users via email.

As mentioned, XKCD uses phpBB, a free and open-source forum and bulletin board software built in the PHP programming language.

However, at this moment it is unclear whether XKCD was running an older version of the forum software vulnerable to a security flaw, or whether the attackers exploited a previously undiscovered flaw in phpBB to extract the data without authorization.

Besides this, even if XKCD was running phpBB version 3.1 or later, which uses the more secure bcrypt hashing algorithm, it is possible that the passwords of early users of the XKCD forum were hashed with the older, less secure MD5 hashing method.
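The following is an added example, not code from the original article or from phpBB: a Python audit a forum administrator could run over an exported user table to find accounts whose stored hash is still MD5-based, so those accounts can be forced through a password reset. It assumes the common crypt-style prefixes (`$2a$`/`$2b$`/`$2y$` for bcrypt, `$H$`/`$P$` for phpass portable MD5) and treats a bare 32-character hex string as unsalted MD5; the function names and sample rows are constructed for illustration.

```python
import re

# Alphabet used by phpass to encode its iteration exponent (4th character).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
PHPASS_RE = re.compile(r"^\$[HP]\$([./0-9A-Za-z])[./0-9A-Za-z]{30}$")
RAW_MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def classify_hash(stored):
    """Return (scheme, work_factor, legacy) for one stored password hash.

    work_factor is the bcrypt cost, or log2 of the MD5 iteration count for
    phpass. legacy is True when the account should be forced to reset.
    """
    m = BCRYPT_RE.match(stored)
    if m:
        return ("bcrypt", int(m.group(1)), False)
    m = PHPASS_RE.match(stored)
    if m:
        return ("phpass-md5", ITOA64.index(m.group(1)), True)
    if RAW_MD5_RE.match(stored):
        return ("raw-md5", 0, True)
    # Fail closed: anything unrecognised is flagged for manual review.
    return ("unknown", None, True)


def accounts_needing_reset(rows):
    """rows: iterable of (username, stored_hash). Returns flagged usernames."""
    return sorted(user for user, stored in rows if classify_hash(stored)[2])


# Constructed sample rows (format-valid placeholders, not real hashes).
SAMPLE_ROWS = [
    ("alice", "$2y$10$" + "A" * 53),   # bcrypt, cost 10
    ("bob", "$H$9" + "B" * 30),        # phpass MD5, 2**11 iterations
    ("carol", "0" * 32),               # bare unsalted MD5
    ("dave", ""),                      # empty or corrupt value
]

if __name__ == "__main__":
    for user, stored in SAMPLE_ROWS:
        print(user, classify_hash(stored))
    print("force reset:", accounts_needing_reset(SAMPLE_ROWS))
```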

What you can do now: affected users are strongly recommended to immediately change their XKCD password, as well as passwords for any other online accounts that reuse the same password.

Created in 2005 by American author Randall Munroe, XKCD is a popular webcomic that focuses on tech, science, and internet culture, with subject matter ranging from statements on life and love to mathematical, programming, and scientific in-jokes.

