MoDaCo; a forum specialising in smartphone and Pocket PC news and reviews, has just notified users of a data breach. MoDaCo founder, Paul O’Brien has reported the breach on Twitter: “haveibeenpawned is reporting a data breach. We’ll post a statement later today, however be assured all passwords are hashed and salted.”
In response of this news Mark James, IT Security Specialist at ESET commented below.
Mark James, IT Security Specialist at ESET:
“People are receiving reports from one of the many breach notification sites that MoDaCo has suffered a breach of over 875 thousand accounts. With data that includes email & IP addresses, passwords and usernames, nothing out of the ordinary there. To be honest data breaches happen all the time, this particular one is causing a bit of a storm on their own forums as the users would like to have received notification from the owners first not through a third party site. Looking through the forum posts many of the users have not used the site for a while and were looking for means to delete their accounts. The problems of course are that when we create usernames and passwords on sites that reflect our current interests if we then move on or stop using those sites it’s sometimes difficult or almost impossible to delete those redundant accounts. This breach apparently happened in January 2016 (that needs to be confirmed officially) but at least the passwords were stored as salted MD5 hashes and not in plaintext.”