HTCMania is one of the most popular forums on mobile telephony in Spanish, with more than 1.5 million registered members. Of that total, as confirmed by the HaveIBeenPwned service, 1,488,089 accounts have seen their data exposed in a security breach produced in an unauthorized attack.
In HaveIBeenPwned have confirmed that the gap occurred on January 4, and that it revealed sensitive data such as birth dates, emails, user names, IP addresses and encrypted passwords.
HTCMania management already spoke of “possible unauthorized access” in March
HTCMania administrator Jorgekai explained in the forum on March 1, 2020 that there had been “possible unauthorized access” in the forum. “In the statement, he urged to change the password periodically. Furthermore, Jorgekai stated that they had met with the Telematic Crime Group of the Civil Guard, and they could verify that the data had been leaked. From the forum they emphasize that in the user base the only sensitive data they handle is the registration email.
However, he stressed that the passwords were not compromised, having been stored encrypted (MD5 with double salt) in the database. That they are encrypted does not prevent them from being decrypted, but makes it highly unlikely. The administrator also notes that it was not the forum software, based on the vBulletin platform, that suffered the attack, but the servers of your service provider.
At the time the attack was known, from HTCMania did not send an email to those affected. According to jorge_kai they did not do it because for many years they did not ask for registration mail. To check if your email is in the exposed group, you can go HaveIBeenPwned and enter yours. If it is, you will see a message like the one below.
On the web, together with HTCMania, other large gaps in which your email address has been involved are likely to appear. For this and other cases, we strongly recommend that you change your passwords, both on HTCMania and on other websites where you have used the same password associated with your exposed email, that you use a manager with strong passwords, and that, above all, never repeat them in no record.
Disney + is here: try it for free for 7 days. Then, 6.99 euros per month or 69.99 euros the annual subscription.
HTCMania was hacked in January, exposing almost 1.5 million accounts – so you can see if your data is compromised