UK-based photo editing, graphic design and publishing software developer Affinity recently informed its forum members of a data breach that occurred on April 6.
The company said a hacker gained access to forum user data after compromising an administrator’s account. The attacker may have accessed information such as username, reputation, join date, post count, email addresses, and the last used IP address.
While most of the compromised information is already public, the email address and IP are not, and this type of information can be useful to malicious actors for targeted phishing attacks. Affinity has warned forum users about the risk of phishing.
It’s unclear how many users had their data compromised, but the Affinity forum has nearly 175,000 members.
Serif, the company that owns Affinity, said it’s confident that user passwords were not compromised in the breach.
“Please be reassured that any information accessed does not include any financial data, purchase history, physical addresses, phone numbers or anything else held within your main Affinity account / AffinityID. The forum is a standalone system which is completely separate from your Affinity account,” the company added.
The Affinity forum data breach has been reported to the UK Information Commissioner’s Office (ICO) and steps have been taken to prevent such incidents in the future.
It’s unclear how the administrator account was compromised, but in many of these types of incidents account hacking is possible because two-factor authentication has not been used.
Related: 400,000 Users Hit by Data Breach at Media Player Maker Kodi
Related: 4.8 Million Impacted by Data Breach at TMX Finance
Related: 500k Impacted by Data Breach at Debt Buyer NCB
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
