UK-based photo editing, graphic design and publishing software developer Affinity recently informed its forum members of a data breach that occurred on April 6.
The company said a hacker gained access to forum user data after compromising an administrator’s account. The attacker may have accessed information such as username, reputation, join date, post count, email addresses, and the last used IP address.
While most of the compromised information is already public, the email address and IP are not, and this type of information can be useful to malicious actors for targeted phishing attacks. Affinity has warned forum users about the risk of phishing.
It’s unclear how many users had their data compromised, but the Affinity forum has nearly 175,000 members.
Serif, the company that owns Affinity, said it’s confident that user passwords were not compromised in the breach.
“Please be reassured that any information accessed does not include any financial data, purchase history, physical addresses, phone numbers or anything else held within your main Affinity account / AffinityID. The forum is a standalone system which is completely separate from your Affinity account,” the company added.
The Affinity forum data breach has been reported to the UK Information Commissioner’s Office (ICO) and steps have been taken to prevent such incidents in the future.
It’s unclear how the administrator account was compromised, but in many of these types of incidents account hacking is possible because two-factor authentication has not been used.
Related: 400,000 Users Hit by Data Breach at Media Player Maker Kodi
