"Creative Software Maker Affinity Informs Customers of Forum Breach"

UK-based photo editing, graphic design, and publishing software developer Affinity recently informed its forum members of a data breach that occurred on April 6.  The company said a hacker gained access to forum user data after compromising an administrator’s account.  The adversary may have accessed information such as username, reputation, join date, post count, email addresses, and the last used IP address.  The company noted that while most of the compromised information is already public, the email address and IP are not, and this type of information can be useful to malicious actors for targeted phishing attacks.  It is unclear how many users had their data compromised, but the Affinity forum has nearly 175,000 members.  The company said it’s confident that user passwords were not compromised in the breach.  The Affinity forum data breach has been reported to the UK Information Commissioner’s Office (ICO), and steps have been taken to prevent such incidents in the future.  It’s unclear how the administrator account was compromised, but in many of these types of incidents, account hacking is possible because two-factor authentication has not been used.

SecurityWeek reports: "Creative Software Maker Affinity Informs Customers of Forum Breach"