Popular web comic XKCD shuts down forum after hack

Thousands of usernames and passwords were apparently stolen.

Rae Hodge Former senior editor

Rae Hodge was a senior editor at CNET. She led CNET's coverage of privacy and cybersecurity tools from July 2019 to January 2023. As a data-driven investigative journalist on the software and services team, she reviewed VPNs, password managers, antivirus software, anti-surveillance methods and ethics in tech. Prior to joining CNET in 2019, Rae spent nearly a decade covering politics and protests for the AP, NPR, the BBC and other local and international outlets.

See full bio

Rae Hodge

Sept. 3, 2019 1:02 p.m. PT

XKCD-hack — Thousands of usernames and email addresses were exposed in a Sunday data breach at the forum of popular web comic XKCD.
XKCD

The user forum for popular web comic XKCD was shut down this weekend after administrators were alerted to a security breach that quietly exposed members' data. Security researcher Troy Hunt added XKCD to the years-running list of compromised sites at Have I Been Pwned, pinpointing July 1 as the date of the breach.

A message from forum administrators confirmed nearly 562,000 usernames, email addresses, hashed passwords and some IP addresses were stolen.

"We've taken the forums offline until we can go over them and make sure they're secure. If you're an echochamber.me/xkcd forums user, you should immediately change your password for any other accounts on which you used the same or a similar password," it reads.

In a tweet Sunday, Have I Been Pwned noted that 58% of email addresses affected in the breach were already listed on its site for previous, unrelated breaches.

Forums were still offline Tuesday at the time of publication.

XKCD didn't immediately respond to a request for comment.

Watch this: Finding our personal data on the dark web was far too easy

03:53