Graphics card maker and Android fan forum both suffer breaches
Two popular forums have become the latest hacking victims, with both Nvidia and an Android community site reporting breaches.
Nvidia has temporarily shut its forum in response. The graphics chip firm reported that its Nvidia Developer Zone forum was hacked by a third party, who may have gained access to hashed passwords. It has closed the site down while the hack is investigated and fixes the vulnerability.
"We are investigating this matter and working around the clock to ensure that secure operations can be restored," a statement read. "As a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere."
That statement added that users should beware of spam emails and warned them not to provide personal, financial or sensitive information via email.
In a similar case, the Android community Phandroid also reported that it had been hacked, with as many as one million passwords being compromised.
A post on the forum said that the database was accessed, with "Unique ids, usernames, emails, hashed (encoded) and salted passwords, registration IP addresses, usergroup memberships, infraction levels, last time online, last post date and post count," possibly compromised.
The post added that it was most likely an email harvesting campaign, where email addresses are collected to spam at a later date, and that the vulnerability had been identified and resolved. Additional security measures have been added to the server, Phandroid said.
"No website wants to make an announcement like this," the statement added. "I assure you we, as the Neverstill Team, could not apologise profusely enough. Websites come under attack all the time – and sometimes the bad guys make it in. Unfortunately for us, yesterday was our time. We have been attacked before but never breached, and please know we are going to continue to do everything in our power to ensure it doesn’t happen again."
Phandroid also called on its members to change their passwords.
These two hacks once again highlight the risks of using the same password for multiple sites. The consequence of that lax attitude to security is that if you get hacked in one place, your other online accounts could also be accessed," said Graham Cluley of Sophos.
"For instance, if you used the same password on NVIDIA as you did on your web email account – it would be child’s play for hackers to gain access to your personal communications and steal other information about you," he added.
The news comes just a day after Yahoo confirmed that its Yahoo Voices user-generated content portal had been hacked, with nearly 500,000 usernames and passwords stolen. Incredibly it looks like the stolen data was being stored in unencrypted in plaintext format.