HardwareZone forum hit by security breach, hacker retrieves data of 685,000 registered users

The hacker retrieved user profile data which comprised name, email address and user ID and possible optional data fields such as occupation and gender.
Screengrab/HardwareZone

The profile data of 685,000 registered users on HardwareZone’s (HWZ’s) popular forum was compromised after a hacker compromised a senior moderator’s account, said SPH Magazines, which owns the site, on Tuesday (Feb 20).

A statement said a suspicious posting on the forum on Feb 18 gave the hacker’s game away, and an investigation was immediately launched.

It was found that the hacker had used compromised credentials to impersonate the site’s senior moderator in order to retrieve user profile data which comprised name, email address and user ID and possible optional data fields such as occupation and gender.

Some good news though.

The database of HWZ, which is popular for its technology news and product reviews, does not contain NRIC numbers, telephone numbers and addresses as these were purged in line with the Personal Data Protection Commission (PDPC) Guidelines in July 2015, added the statement.

SPH Magazines said that a police report had been made and PDPC has been informed of the matter. It has also engaged security consultants to conduct a thorough review of the system.

As a matter of precaution, forum users have been advised to change their forum account password.

The statement added: “SPH Magazines and HWZ sincerely apologise to HWZ users for this breach of security. We remain committed to protecting all personal data shared with us.”