SARDONIC ACRONYMED COMIC SITE XKCD has splurged 560,000 user profiles onto the web following a leak of their forum.
The popular site, which often turns to the ludicrous world of tech for its subject matter, confirmed that it had been contacted by Have I Been Pwned to warn that its users' details were now in the public domain. The initial spotter of the leak was a white-hat hacker by the name of Adam Davies.
Users are currently greeted by a 503 error and a warning message from the site administrator: "The xkcd forums are currently offline. We've been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection. The data includes usernames, email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration.
"We've taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password."
The leak didn't come from the main site, but from the forum, which was built using open-source software called phpBB - a bulletin board module that is designed to be easily incorporated into existing sites.
Whilst it's a great way to get started in the world of online communities, it does require websites to manually upgrade to the latest version in order to get security patches.
We don't know yet if XKCD was running a recent version and was pwned anyway, and it's almost immaterial - the leak happened either way and the advice is pretty clear - change your password and any other passwords that are the same or similar. Your old password belongs to the internet now. (evil cackle).
There's no confirmation as yet as to when the forums are going to be back up, which is annoying as you won't be able to update your password until they are. μ