The user forum for popular web comic XKCD was shut down this weekend after administrators were alerted to a security breach that quietly exposed members' data. Security researcher Troy Hunt added XKCD to the years-running list of compromised sites at Have I Been Pwned, pinpointing July 1 as the date of the breach.
A message from forum administrators confirmed nearly 562,000 usernames, email addresses, hashed passwords and some IP addresses were stolen.
"We've taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password," it reads.
In a tweet Sunday, Have I Been Pwned noted that 58% of email addresses affected in the breach were already listed on its site for previous, unrelated breaches.
Forums were still offline Tuesday at the time of publication.
XKCD didn't immediately respond to a request for comment.