Hackers appear to have broken in via a compromised admin account
UK-based Android community MoDaCo has suffered a data breach, potentially exposing a database of hundreds of thousands of online users.
MoDaCo founder Paul O'Brien has issued a statement, apologizing to affected users and stating that all stored passwords are salted and hashed:
Part of the statement reads as follows:
Earlier today a number of users contacted us to inform us that data breach tracking site, haveibeenpwned.com, is notifying users of a data breach of the MoDaCo database.
After initial investigations, we have determined that this report is correct - a dump of the MoDaCo database has been extracted by an unauthorised entity.
First of all - we are of course very disappointed that this has happened, the security of your data is very important to us - I appreciate we've let you down in this regard but hope we can allay some concerns and do our best to rebuild your confidence starting now.
MoDaCo runs on a market leading CMS, is regularly updated and runs on a server which too receives regular updates and security scans. We chose the CMS we use because it receives frequent security fixes and most importantly, stores passwords in a very secure Blowfish based form.
Although password details might be out of the hands of hackers, it seems that other personal information - such as usernames and email addresses - may have been exposed. As a result, affected users would be wise to be on the lookout for phishing attacks and spam campaigns.
Read more: https://www.grahamcluley.com/2016/0...aco-suffers-data-breach-user-database-stolen/
UK-based Android community MoDaCo has suffered a data breach, potentially exposing a database of hundreds of thousands of online users.
MoDaCo founder Paul O'Brien has issued a statement, apologizing to affected users and stating that all stored passwords are salted and hashed:
Part of the statement reads as follows:
Earlier today a number of users contacted us to inform us that data breach tracking site, haveibeenpwned.com, is notifying users of a data breach of the MoDaCo database.
After initial investigations, we have determined that this report is correct - a dump of the MoDaCo database has been extracted by an unauthorised entity.
First of all - we are of course very disappointed that this has happened, the security of your data is very important to us - I appreciate we've let you down in this regard but hope we can allay some concerns and do our best to rebuild your confidence starting now.
MoDaCo runs on a market leading CMS, is regularly updated and runs on a server which too receives regular updates and security scans. We chose the CMS we use because it receives frequent security fixes and most importantly, stores passwords in a very secure Blowfish based form.
Although password details might be out of the hands of hackers, it seems that other personal information - such as usernames and email addresses - may have been exposed. As a result, affected users would be wise to be on the lookout for phishing attacks and spam campaigns.
Read more: https://www.grahamcluley.com/2016/0...aco-suffers-data-breach-user-database-stolen/
