Hackers have breached the forum of the popular webcomic XKCD, stealing around 560,000 usernames, email and IP addresses, as well as hashed passwords.
XKCD disclosed the breach over the weekend, after security researcher Troy Hunt, who maintains the data breach notification website Have I Been Pwned alerted them. The forum has been taken offline.
“The xkcd forums are currently offline. We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection. The data includes usernames, email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration,” the forum administrators wrote. “We’ve taken the forums offline until we can go over them and make sure they’re secure. If you’re an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password.”
Have a tip about a hack or a security incident? You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at email@example.com, or email firstname.lastname@example.org
XKCD is a 14-year old popular webcomic by Randall Munroe, which focuses on tech, science, and internet culture. Munroe has also written a handful of books in his now iconic stick figure style, including How To, Thing Explainer, and What If?
Hunt said that the data was found by white hat security researcher Adam Davies.
Subscribe to our new cybersecurity podcast, CYBER.