First published: 04th September 2019
XKCD, the webcomic that brought us correcthorsebatterystaple has suffered a data breach that impacted 562k subscribers. Users of forums.xkcd.com should remember XKCD's strip on password reuse:
The comic on hacking concisely illustrates what is happening:
According to data-breach reporting website Have I Been Pwned?, white hat security researcher and data analyst Adam Davies reported the breach. In July 2019 the forum for the webcomic, which uses phpBB, leaked usernames, email and IP addresses and salted, hashed passwords stored in MD5 phpBB3 format.
The forum has been taken offline, and https://forums.xkcd.com/ returns a 503 Service Unavailable error, with the warning:
If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password.