NVIDIA and Android Forums hacked, users advised to change passwords


Graphics technology firm NVIDIA has temporarily closed its online developer forum, after it fell victim to hackers who may have gained access to members’ hashed passwords.

A notice on the NVIDIA Developer Zone website has reminded users of the importance of ensuring that you do not use the same passwords on multiple websites.

NVIDIA security breach warning

NVIDIA suspended operations today of the NVIDIA Developer Zone (developer.nvidia.com). We did this in response to attacks on the site by unauthorized third parties who may have gained access to hashed passwords.

We are investigating this matter and working around the clock to ensure that secure operations can be restored.

As a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere.

Password re-use is a big problem – with an alarming number of people using the same password on multiple sites.

The consequences of that lax attitude to security is that if you get hacked in one place, your other online accounts could also be accessed. For instance, if you used the same password on NVIDIA as you did on your web email account – it would be child’s play for hackers to gain access to your personal communications and steal other information about you.

Earlier this week, an online community popular with fans of Android smartphones also suffered at the hands of hackers. Phandroid’s AndroidForums.com was breached using “a known exploit”, and data including usernames, hashed passwords and so forth were accessed.

Android Forums security breach warning

Before reading this - please take a moment to change your password on androidforums.com. This can be done while logged in through your UserCP, or using the "forgot your password?" page if logged out.

I have some unfortunate news to pass along. Yesterday I was informed by our sever/developer team that the server hosting androidforums.com was compromised and the website's database was accessed. While the breach is most likely harmless there are important and potential pitfalls, and we want to provide as much helpful information to our users as possible (without getting too technical).

The trust of our users is extremely important and several staff members worked through the afternoon, evening, night, and morning to ensure we're doing everything possible to regain complete security.

Android Forums has over a million registered members. I’m one of them – so I was less than pleased to find myself having to change my password just in case it had been compromised.

The administrators of Android Forums said that they believed the hack was done with the intention of collecting email addresses to spam at a later date. So if you receive unexpected email messages, perhaps related to Android, think very carefully before clicking on their attachments or any embedded links.

Other sites to have been hit by hackers stealing information about users in recent weeks include Yahoo Voices, Formspring, Last.fm, eHarmony and LinkedIn.

You don’t have to be a soothsayer to accurately predict that other websites are going to have their users’ information accessed in the near future. Make sure you are following password best practice now – using different passwords for different sites, and ensuring that they are hard to guess and crack.