NVIDIA, Android forum join password hack parade

NVIDIA suspended operations of its NVIDIA Developer Zone on Thursday after “unauthorized third parties” attacked the site and “may have gained access to hashed passwords”, the company said in a statement.

"We are investigating this matter and working around the clock to ensure that secure operations can be restored”, NVIDIA said, adding that users should change any identical passwords used elsewhere.

Phandroid, an online community for Android enthusiasts, admitted on Tuesday that the server hosting androidforums.com was comprised and the database accessed by hackers.

“While we can't prove or disprove whether or not the data was downloaded (due to the way the data was transferred), it's completely possible…and we've taken action assuming this is the case”, wrote Rob Phases with Phandroid in a blog.

The compromised database contains user unique IDs, user names, emails, hashed and salted passwords, registration IP addresses, user group memberships, and other account-related information.

Phases said the breach was probably an email harvesting attempt. “It's also absolutely possible that nothing of consequence happened. There is some chance they did not get enough of the database to matter, did this for fun to see if they could, or will not move forward with any plans after finding out we're actively investigating. This is a serious offense and you can best bet we are doing just that”, he added.

NVIDIA and Phandroid join Yahoo and Formspring as password breach of the week poster children. What distinguishes Yahoo from the other breaches is that its passwords were not encrypted.

What’s Hot on Infosecurity Magazine?