XKCD forum users involved into a major data breach – security researchers report about 562K victims
XKCD platform that is known as one of the most popular webcomic services is dealing with a data breach involving over 560,000 users. Created and released by Randall Munroe 14 years ago, XKCD aims to provide a catchy dose of humor and black comedy for users all over the world daily.
Unfortunately, due to unknown reasons, hundreds of thousands of XKCD phpBB forum users got their usernames, IP addresses, email addresses, and even encoded passwords leaked. Nevertheless, according to security researchers, about 58% of the breached emails have already ended up on the Have I Been Pwned network. XKCD acknowledged the incident and has put the forum offline.
The XKCD has provided the warning message regarding the breach
If you try to visit the xkcd.com website, you will be provided with a 503 Service Unavailable message and also an information note regarding the data breach. Here, the owner of the service is claiming that the forums have been made inaccessible for safety measures and users are urged to change their passwords right away:
We’ve taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password.
The first one to discover the data leak was Adam Davies who shared this discovery with Troy Hunt directly. Currently, the author of XKCD comics has taken required security measures: deactivated the forums, put their efforts to find ways to fix things and is constantly contacting potential victims via email.
Speculations: the exposure might has occurred due to old forum software
The main reasons of the XKCD breach still remain unknown. However, there have been numerous speculations that the information was exposed due to an outdated version of the forum. It should be noticed that older versions of the software are very easy to hack and misuse for illegitimate tasks due to numerous vulnerabilities.
As a result, older XKCD forum users might have a bigger chance of getting their passwords exposed as the security was less advanced then. At the moment, XKCD might be running over a more protective phpBB variant.
XKCD breach is not the only one that has shook the Internet lately
Data breaches, unfortunately, are quite frequent and every user needs to be concerned about the safety of their personal information. Ensure that strong and advanced passwords are always chosen to secure your online accounts. In this case, if you were the member of XKCD forums, make sure you change your password to all accounts with the same password.
Besides, using multi-factor or two-factor authentication settings will also harden the hacking process for cybercriminals. If such step seems boring and time-consuming, note that all of these steps are necessary to save your data and even funds.
Data leakages have mostly been targeting worldwide healthcare organizations, big manufacturers, financial institutions, and even some governmental companies. One of the most recent breaches has touched Foxit Software. This incident related to the exposure of over 525 million records.