The popular webcomic platform XKCD has suffered a data breach that exposed data of its forum users, the incident impacted 562,000 subscribers.

XKCD is one of the most popular webcomic platform created by the American author Randall Munroe in 2005, it is a webcomic of romance, sarcasm, math, and language. XKCD has suffered a data breach that exposed data of its forum users. The data breach impacted 562,000 subscribers, the forum has been taken offline after the incident.

“The xkcd forums are currently offline. We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection.” read a message published on the XKCS forum “The data includes usernames , email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration,”

The data breach took place on July 1st, 2019, the popular security researcher Troy Hunt, who received the data by security researcher Adam Davies, alerted the company of the incident.

New breach: XKCD had 562k accounts breached last month. The phpBB forum exposed email and IP addresses, usernames and passwords stored in MD5 phpBB3 format. 58% of addresses were already in @haveibeenpwned https://t.co/LGaAnj1hUA — Have I Been Pwned (@haveibeenpwned) September 1, 2019

58% of the leaked addresses were already in the HIBP archive because they are from previous data breaches.

Hunt added the data to the Have I Been Pwned (HIBP) website over the weekend. Exposed data include usernames , email and IP addresses, and passwords stored in MD5 phpBB3 format.

“We’ve taken the forums offline until we can go over them and make sure they’re secure. If you’re an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password,” continues the message.

Pierluigi Paganini

(SecurityAffairs – XKCD, data breach)