Over half a million fans of the popular XKCD webcomic have been impacted by a security incident on July 1 that exposed a large data collection of the XKCD forums. The forums are currently offline and have been replaced by a breach notification mentioning that parts of the XKCD forums user database “showed up in a leaked data collection.” The exposed data includes “usernames, email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration.”
Data breach notification website Have I Been Pwned recently added the database to its collection. According to the website, 561,991 users are affected by the breach. In order to prevent impacted users from falling victim to credential stuffing attacks, where threat actors try to use compromised credentials for one website to take over accounts for another platform, the breach notification urges impacted users to change their passwords “for any other accounts on which [they] used the same or a similar password.”
Read more: XKCD Forum Breach Exposes Emails, Passwords of 562,000 Users