XKCD Forum Breach Impacts More Than Half a Million Users

By David Basch

XKCD, a popular science and technology webcomic, is the latest site to have its users' information breached, resulting in 562,000 accounts having their usernames, passwords, and IP addresses exposed online.

Cybersecurity authority Have I Been Pwned broke the news last weekend:

If you have a wander over to the XKCD forums right now you'll be greeted by a service unavailable status and the following message:

"We've been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection. The data includes usernames, email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration.

We’ve taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password."

The webcomic's forum uses phpBB, a free, open-source bulletin board used widely across the web. The DIY forum platform is a popular choice for fan forums owing to its simple setup and open-source nature, but a lack of official support renders it more vulnerable to cyber attacks. It is not currently clear which version of the software the XKCD forums were running, or the exact nature of the security breach that took place.

If you're a member of the forum, it's probably a good idea to go ahead and change your login credentials, as well as the credentials of any accounts using the same password. Salted and hashed passwords are harder to crack, but better safe than sorry. [Slashgear]
