BreachExchange mailing list archives
androidforums.com: Important Notice - Security Breach - Update Your Password
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 12 Jul 2012 00:22:33 -0400
http://androidforums.com/site-updates-announcements/580371-important-notice-security-breach.html#post4645422

I have some unfortunate news to pass along. Yesterday I was informed by our server/developer team that the server hosting androidforums.com was compromised and the website's database was accessed. While the breach is most likely harmless there are important and potential pitfalls, and we want to provide as much helpful information to our users as possible (without getting too technical).

The trust of our users is extremely important and several staff members worked through the afternoon, evening, night, and morning to ensure we're doing everything possible to regain complete security.

Here are the facts:

- The exploit used has been identified and resolved. The server has been further hardened and extra "just in case" actions have been taken.. and will continue to be taken.
- All code that resides in the database and the file system has been thoroughly reviewed for malicious edits and uploads.
- No other sites in our network appear to have been accessed (we're triple checking).
- The user table of AndroidForum's database was (at a minimum) accessed. While we can't prove or disprove whether or not the data was downloaded (due to the way the data was transferred), it's completely possible.. and we've taken action assuming this is the case.
- Information in the user database includes: Unique ids, usernames, emails, hashed (encoded) passwords, registration IP addresses, usergroup memberships, infraction levels, last time online, last post date, post count... as well as far less critical things like number of PMs, visitor messages, last online dates, and some vbulletin options set in your UserCP.
- Immediately following the incident, all ~100 staff were notified of a pending password change - and all passwords were changed to random strings. Almost all are back in with new passwords. Because gaining access to a staff member account could pose the biggest threat, we first moved to secure these accounts.

What Probably Happened

This was, in our current opinion, most likely an e-mail harvesting attempt. A spammer could theoretically attempt to bulk e-mail all AF users with the user database. Luckily, GMail and similar e-mail services offer a "spam" button that helps it to collectively identify and automatically filter potential spam.

It's also absolutely possible that nothing of consequence happened. There is some chance they did not get enough of the database to matter, did this for fun to see if they could, or will not move forward with any plans after finding out we're actively investigating. This is a serious offense and you can best bet we are doing just that.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/