Nvidia, Phandroid Online Forums Hacked, Passwords Stolen

The attacks come at the same time that Yahoo is working to stem concerns after 450,000 user passwords were stolen following at hack of Yahoo Voices.

Nvidia and the Android Forum on the Phandroid Website are joining Yahoo as the latest organizations to have been hacked and user information compromised.

On the heels of Yahoo executives announcing July 12 that more than 450,000 user passwords were stolen in an attack on Yahoo Voices, Nvidia officials on the same day shut down its Developer Zone developer support Website after discovering a hack that may have led to hashed passwords being stolen.

The Yahoo and Nvidia disclosures came two days after Phandroid officials announced on their site that the server hosting the Android forum was hacked and the Website's database accessed. In their posting, the Phandroid officials said that while €œthe breach is most likely harmless, there are important and potential pitfalls.€

Yahoo, Nvidia and Phandroid join a growing list of Websites that are under attack by cyber-criminals looking to steal sensitive user information. LinkedIn last month reported that hackers stole more than 6.5 billion user passwords, prompting the social networking site to urge users to change their credentials. Online dating site eHarmony also had about 1.5 million passwords stolen and posted to an online forum.

The hacker attacks also have been the spotlight on the issue of password security, and the steps users should take to make those passwords more difficult to break and less damaging if they are compromised. One issue is people using the same password for multiple Websites, according to security experts.

€œPassword reuse is a big problem€”with an alarming number of people using the same password on multiple sites,€ Graham Cluley, senior technology consultant for Sophos Lab, said in a July 13 blog post. €œThe consequence of that lax attitude to security is that if you get hacked in one place, your other online accounts could also be accessed. For instance, if you used the same password on Nvidia as you did on your Web email account€”it would be child's play for hackers to gain access to your personal communications and steal other information about you.€

In their posts announcing the hacks, Nvidia and Phandroid officials urged users to address the issue.

€œAs a precautionary measure, we strongly recommend that you change any identical passwords that you may be using elsewhere,€ Nvidia officials said.

€œAlthough we€™re confident the threat is neutralized, it is still highly recommended that you change your password here and on other sites where you use the same username/password,€ Phandroid officials wrote.

Nvidia officials suspended the operations of the company€™s Developer Zone, and said they are investigating the hack. They told users that Nvidia never asks for sensitive information by email, and cautioned them against providing personal, financial or sensitive information in response to any email that says it comes from an Nvidia employee.

In their notice, Phandroid officials told users of their Android Forum€”which reportedly has more than 1 million users€”that the hack was €œmost likely an email-harvesting attempt,€ and that the problem has been resolved, with the server being hardened and that €œextra €˜just in case€™ actions have been taken €¦ and will continue to be taken.€