An online forum for Android fans and developers was compromised and user account details stolen, according to a notice posted online on Tuesday.
Phandroid.com, which operates Androidforums.com told users that hackers had breached a back end database that powers Androidforums.com, an online bulletin board for Android users and developers.
In a post on the forum, an administrator using the handle “Phases” said that hackers breached the forums using a known exploit and that a list of Androidforums.com users was accessed and possibly downloaded. The information contained in that database includes androidforums usernames, email addresses , hashed passwords, the IP addresses members registered with and forum group memberships, among other data.
Phandroid.com believes the attack was aimed at gathering e-mail addresses for spam runs. “A spammer could theoretically attempt to bulk e-mail all (Androidforums.com) users with the user database,” the Phandroid warned. Other possibilities include targeted attacks against forum members. The presence of IP address for the users could allow an attacker to determine where the user lives. Alternatively, the attackers could take the stolen username and password data and attempt to compromise other online accounts using the same credentials, the site warned.
This is just the latest in a string of attacks aimed at harvesting e-mail addresses, user names and passwords. Just this week, the social Q&A Web site Formspring said that it was the victim of a hack that yielded hashed passwords for around 420,000 of its users. Yahoo warned users of its Yahoo Voice service of a breach in which 400,000 plaintext passwords were stolen from the company and posted online.