XKCD forums breached
Credit to Author: Lisa Vaas | Date: Tue, 03 Sep 2019 10:17:58 +0000
The forum for the techie-darling comic strip XKCD was still offline on Monday afternoon after Troy Hunt’s breach site, Have I Been Pwned, reported on Sunday that 562,000 of the forum’s accounts had been breached sometime in August.
New breach: XKCD had 562k accounts breached last month. The phpBB forum exposed email and IP addresses, usernames a… twitter.com/i/web/status/1…
—
Have I Been Pwned (@haveibeenpwned) September 01, 2019
A breach notice on the echochamber.me/xkcd forums echoed Hunt’s message: portions of the forums’ phpBB user table showed up in a cache of leaked data, it said. The forum exposed usernames, email addresses, passwords salted and hashed using the obsolete MD5 hashing function, and IP addresses.
To translate: MD5 is a hashing function, and it’s not a good one. For over a decade it has been recognised as cryptographically weak, and far, far better ways of storing passwords have existed for decades.
As Naked Security’s Mark Stockley said back when he ditched his Yahoo account, the final nail in the coffin was the fact that Yahoo said, in its December 2016 mega-breach announcement, that it was hashing passwords with MD5 (and, in some cases, encrypted or unencrypted security questions and answers).
Was Yahoo bolstering the not-so-random randomness of MD5 hashing by using it in the context of a more complex “salt, hash and stretch” password storage routine, like PBKDF2, bcrypt or scrypt?
Yahoo didn’t say – not a good sign. So out the window went Mark’s Yahoo account.
These things matter because hashing on its own isn’t good enough. A hashing function is a one-way street: it is a mathematical function that takes an input such as a password and uses it to produce another string, called a digest.
You can calculate the digest easily using the password, but you can’t go backwards: you can’t calculate the password by using the digest.
That makes it great for storing passwords securely. When a user logs in using their password, the web application can quickly hash it. If the digest matches the one on file, the user gains access. Yet if anyone steals the password database, they can’t read it. (Although hashing is fundamental to good password security, there’s more to it than that – for a detailed primer, see how to store your users’ passwords safely.)
Unfortunately, as we learned back in June, not all CMS software packages use hashing properly. Three researchers from the Department of Digital Systems at the University of Piraeus in Greece tested several CMS products to see how well they hashed user passwords. The answer:
We have discovered that many CMS use outdated hash functions.
phpBB, however, was one of the good ones: phpBB is the open-source message board software on which XKCD runs its forums. The researchers said that the CMS was among the most secure systems from a hashing perspective because it used bcrypt, a password hashing function that’s resistant to GPU-based parallel cracking.
(At least some of?) XKCD passwords were salted/hashed
Unlike Yahoo and its hear-no-MD5-evil, speak-no-MD5-evil silence on salting/hashing/stretching, the XKCD forums said that the breached passwords that showed up in Have I Been Pwned were, in fact, salted and hashed.
We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection. The data includes usernames, email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration.
But it’s unclear just how many passwords were salted and hashed. IT Pro reports that the records appear to “mostly” be hashed using the far more secure bcrypt algorithm, although “some accounts are still encrypted via the older, less secure md5 encryption method.”
A mix of different hashes like this normally indicates that the password hashing code has been updated at some point, but not all the existing users have been moved on to the new, more secure algorithm, perhaps because they’re inactive.
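As an added example (not code from the article, from phpBB, or from any party the article describes), here is a small Python sketch of the two ideas in the passages above: a salted, stretched password store built on the standard library’s PBKDF2-HMAC, and the rehash-on-login migration that produces exactly the MD5/bcrypt mix described here when some users never come back to log in. The record formats, user names, passwords and iteration count are all constructed for the example; PBKDF2 stands in for bcrypt because it needs no third-party package.

```python
import hashlib
import hmac
import secrets

# Assumption: a current-practice PBKDF2-HMAC-SHA256 work factor. The article names
# PBKDF2, bcrypt and scrypt as the "salt, hash and stretch" family; PBKDF2 is used
# here only because it ships in the standard library.
PBKDF2_ITERATIONS = 600_000


def legacy_md5_record(password: str, salt: str) -> str:
    """The weak scheme: one fast MD5 over salt+password.
    Constructed record format 'md5$<salt>$<hex>', not phpBB's real on-disk format."""
    digest = hashlib.md5((salt + password).encode(), usedforsecurity=False).hexdigest()
    return f"md5${salt}${digest}"


def modern_record(password: str, salt: str = "", iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted and stretched: a fresh random salt per user plus many iterations, so
    equal passwords give different records and every guess costs real work."""
    salt = salt or secrets.token_hex(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Recompute under whichever scheme the record uses and compare in constant time."""
    scheme, rest = stored.split("$", 1)
    if scheme == "md5":
        salt, _digest = rest.split("$")
        candidate = legacy_md5_record(password, salt)
    elif scheme == "pbkdf2_sha256":
        iterations, salt, _digest = rest.split("$")
        candidate = modern_record(password, salt, int(iterations))
    else:
        raise ValueError(f"unknown hash scheme: {scheme}")
    return hmac.compare_digest(candidate, stored)


def needs_rehash(stored: str) -> bool:
    """True for legacy MD5 records and for PBKDF2 records below the current work factor."""
    return not stored.startswith(f"pbkdf2_sha256${PBKDF2_ITERATIONS}$")


def login(users: dict, username: str, password: str) -> bool:
    """Check the password; on success, transparently upgrade an outdated record.
    The plaintext is only available at login time, which is why inactive users
    linger on the old scheme: exactly the mix the article describes."""
    stored = users.get(username)
    if stored is None or not verify(password, stored):
        return False
    if needs_rehash(stored):
        users[username] = modern_record(password)
    return True


def audit(users: dict) -> dict:
    """Count records per scheme so the remaining legacy population stays visible."""
    counts: dict = {}
    for stored in users.values():
        scheme = stored.split("$", 1)[0]
        counts[scheme] = counts.get(scheme, 0) + 1
    return counts


def sample_user_table() -> dict:
    """Constructed sample table (not real breach data): two migrated users and one
    inactive user still on the legacy scheme."""
    return {
        "alice": modern_record("correct horse battery staple"),
        "bob": modern_record("correct horse battery staple"),  # same password as alice
        "carol": legacy_md5_record("Tr0ub4dor&3", "c0ff33"),     # never logged in since the upgrade
    }


if __name__ == "__main__":
    users = sample_user_table()
    print("before:", audit(users))
    print("carol login:", login(users, "carol", "Tr0ub4dor&3"))
    print("after: ", audit(users))
```

Two details worth noticing: alice and bob share a password but get different records because each has its own salt, and a failed login never touches a record, so the migration only ever happens after the legacy hash has been verified. The `audit` count is the check an operator would run to learn how many accounts are still waiting on the old scheme.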
Flaw in phpBB/no flaw in phpBB??
An earlier version of the breach notification that was up on Sunday suggested that the leak may have been enabled by an attacker scanning for a vulnerability in phpBB:
It is likely that it was gathered up in some automated scan taking advantage of a vulnerability in the forum software.
…but given that the breach notification was amended at some point to ditch the possibility of this flaw in phpBB, such a flaw has presumably been ruled out.
According to Hunt, 58% of the addresses were already in his trove of breached accounts.
Has the Correct Horse Battery been stapled?
It’s impossible not to note the irony of XKCD being targeted and that there’s even a hint of a possibility that the security of its password storage might come into play. As it is, the comic’s musings/teachings on password entropy are a constant touchstone in conversations about how to pick a proper password: the correct horse battery staple strip about password strength is a classic.
But regardless of how the passwords got breached, we can turn to another XKCD strip – this one about password reuse – for the “What to do?” answer. We can also get it from the XKCD forums’ notification.
Namely, if you’re an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password.
Using the same passwords on multiple sites leaves you a sitting duck. Here’s how to pick a proper one, and by that we mean one that’s both strong and unique for each site:
And if a website gives you the option to turn on two-factor authentication (2FA or MFA), do that too. Here’s an informative podcast that tells you all about 2FA, if you’d like to learn more.