Attackers nab credentials of security firm message board users

Web Services

A contractor hosting the ESET Security Forum discovered the breach. Hackers had gained access to usernames, email addresses and encrypted passwords, according to an announcement posted on the site. No financial or other sensitive data was affected, ESET officials said. ESET software users and the company’s infrastructure are not impacted, they added.

The forum is maintained by Invision Power Board from Invision Power Services. “The passwords are protected by a one-way hash function provided by IPS for the forum software,” SecurityWeek reports.

ESET officials said they had unconfirmed indications of suspicious activity on the forum the last week of May. “Immediately we posted recommendation to users to change passwords without detailing the incident (because we did not have any details at that time, just indication) - this statement was as precaution at that time,” officials explained.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.