Around 50 % of the impacted accounts never posted on the forum which leads to the conclusion that they weren ’ t real users but bots . The stolen data contains email addresses , hashed passwords , and salts but none of the usernames were taken Attack.Databreach . However , good news is that all passwords have been reset . Therefore it ’ s too early to assume what happened or how attackers were able to access Attack.Databreach the database . Nevertheless , the administrators believe that it could be because of a phishing attack Attack.Phishing . It must be noted that one of the forum ’ s staff members was also impacted Attack.Databreach by the breach Attack.Databreach which is not surprising since hackers are successfully cracking passwords from previous data breaches Attack.Databreach and using them for further attacks . More : 21 Million Decrypted Gmail , 5 Million Yahoo Accounts Being Sold on Dark Web The forum is implementing new security measures including site-wide HTTPS support , 2-step authentication requirement for their staff and passwords randomizing of inactive accounts . This is not the first time when Android Forums was security issues . In 2012 , the forum suffered a massive data breach Attack.Databreach in which user credentials of 1 million users were stolen Attack.Databreach . At the time of publishing Attack.Phishing this article , the Android Forums was down for scheduled maintenance but you can still go through the security notice through Google Cache