The phpBB forum of webcomic XKCD has been hacked with the personal data of 562,000 members affected in compromised data systems.
Sensitive data in the form of usernames, email addresses, IP addresses and passwords - though hashed, were leaked. HaveIBeenPwned, a digital platform that blows the whistle on compromised systems and platforms added the data to their database on the 1st of September, claiming their investigations concluded 58% of the exposed “email addresses were already in other databases.”
Created by Randall Munroe in 2005, the popular webcomic provides a satirical and often humorous view of life through science, programming, the internet and technology.
It is said that the breach was first noticed by Security Researcher Troy Hunt, who brought this to the attention of XKCD two months ago when Adam Davies, a data analyst discovered the leak and shared copies of it with him.
The forum has since taken steps to rid the platform of the data thieves by taking it down and is working behind the scenes to investigate the source of the leak to make the forum safe once more.
Administrators of the forum wrote that,
The xkcd forums are currently offline. We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection. The data includes usernames, email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration. We’ve taken the forums offline until we can go over them and make sure they’re secure.
XKCD shared in emails to its users that for the time being, updates will be shared on echochamber.me, which in recent times has also been taken down.
Users of both XKCD and echochamber.me are advised to make changes to their passwords or similar passwords on other sites as soon as possible to lessen the risk of their personal accounts being hacked.