Following the high-profile breach of one of Yahoo’s subdomain servers and the resulting leak of over 450,000 passwords stored in clear text in one of the exfiltrated databases, today was marked with the revelation of three more breaches: the official forum site of technology company NVIDIA, Androidforums.com, and Billabong.com.
NVIDIA suspended operation of its forum page last week, and came out with the reason yesterday, explaining that unauthorized third parties gained access to some user information: usernames, email addresses, hashed passwords with random salt value, and public-facing “About Me” profile information.
The company pointed out that when the system comes back online, all user passwords will be automatically reset and an email with a temporary password, along with instructions on how to change it, will be sent to the users’ registered email address.
“As a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere,” it said in the statement. “Do not provide personal, financial or sensitive information (including new passwords) in response to any email purporting to be sent by an NVIDIA employee or representative.
An Android Forums administrator has been tasked with warning users – over one million of them – about the breach into the server hosting androidforums.com and the fact that the website’s database – containing unique ids, usernames, emails, hashed and salted passwords, registration IP addresses, usergroup memberships, and other less critical information – was accessed and likely exfiltrated.
He says that the exploit used for the attack has been identified and resolved, and that the server has been hardened against future attacks.
“This was, in our current opinion, most likely an e-mail harvesting attempt. A spammer could theoretically attempt to bulk e-mail all AF users with the user database,” wrote the administrator, but still warned about possible phishing attempts against the users and staff – not to mention the fact that the passwords can be used to gain access to users’ accounts.
Consequently, he urged users to change their passwords immediately – even before reading the warning.
Finally, clothing manufacturer Bilabong has allegedly had its main web server hacked and 20,000 to 35,000 user names and corresponding passwords stolen from it.
The claim was made via a post on CodePaste.net but, as ars technica reports, only 1,435 plaintext user credentials were shared with the public so far.
The company has yet to confirm or deny the claim that the attackers penetrated their website’s defenses.