Android Forums hacked, User Credentials Stolen

[Wubi]

Android Forums hacked, User Credentials Stolen

Phandroid's Android Forums Web site is hacked and user account details stolen, according to a notice posted online. The data includes the user names, e-mail addresses, hashed passwords, and registration IP addresses of the forums' more than 1 million users.

If you are one of them, you should change your password: go to your UserCP or use the Forgot your password?. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well.

"I have some unfortunate news to pass along," the post reads. "Yesterday I was informed by our sever/developer team that the server hosting Androidforums.com was compromised and the website's database was accessed. While the breach is most likely harmless, there are important and potential pitfalls, and we want to provide as much helpful information to our users as possible (without getting too technical)."

Phandroid will continue to investigate what happened. The exploit used has been identified and resolved. All code that resides in the database and the file system has been thoroughly reviewed for malicious edits and uploads.

Recently, the social Q&A Web site Formspring said that it was the victim of a hack that yielded hashed passwords for around 420,000 of its users. Yahoo warned users of its Yahoo Voice service of a breach in which 400,000 plaintext passwords were stolen from the company and posted online.

http://thehackernews.com/2012/07/android-forums-hacked-user-credentials.html

[Nytro]

Citeam un articol frumos despre SQL Injection, articol din 2002. Au trecut deja 10 ANI, cand oare vor incepe sa se ia masuri, si sa nu se mai planga, sau sa apeleze la "autoritati"?

[Wubi]

Probabil niciodata. Inca din `98 de cand s`a mentionat prima data de SQL Injection. Deci, se pare ca in 14 ani, nu s`au invatat prea multe lucruri.