uTorrent Forum latest casualty in Hacking Gone Wild - gHacks Tech News

uTorrent Forum latest casualty in Hacking Gone Wild

When you open the official uTorrent web forum right now, a security advisory notifies you that forum data has been compromised and that attackers were able to download the forum user list.

Users of the forum should consider passwords used on the forum as compromised even though they have not been available in clear text but as hashed passwords.

The company suggests to update all third-party accounts where the same password has been used, especially if the same username or email address was used as well.

uTorrent Forum

utorrent forum hacked

The full announcement reads:

On June 6th, 2016, BitTorrent was made aware of a security issue involving the vendor which powers our forums.

The vulnerability appears to have been through one of the vendor’s other clients, however it allowed attackers to access some information on other accounts.

As a result, attackers were able to download a list of our forum users. We are investigating further to learn if any other information was accessed.Our vendor has made backend changes so that the hashes in the file do not appear to be a usable attack vector.

As a precaution, we are advising our users to change their passwords. While the passwords may not be used as a vector on the forums, those hashed passwords should be considered compromised. Anyone using the same password for forums as well as other places is strongly advised to update their passwords and/or practice good personal security practices.

The announcement highlights that the attackers managed to use a vulnerability on another client of the forum vendor to attack the uTorrent forum indirectly and grab the list of users from the site.

The forum is powered by Invision Power, a company that is offering enterprise services such as managed plans and an enterprise platform that hosts forums.

Additionally, it is unclear currently if other data has been dumped as well.

The uTorrent forum has over 380,000 members according to TorrentFreak, and is visited by tens of thousand of users daily.

Apart from the direct damage caused by the hack, there is also a chance that the data may be used to identify users and link them to posts they have made on the forum.

One possible outcome of the hack could be a series of ransomware / phishing / social engineering emails, for instance emails claiming to have been sent by law enforcement agencies.

The uTorrent Forum hack is just one in a series of hacks that originated in 2016 or came to light when hackers offered huge password databases on the darknet.

Was one of your email addresses or accounts listed in one of the hacks? What did you do to resolve the issue?

Now Read: 4 Simple Password Creation rules and 6 common sense tips

Summary
uTorrent Forum latest casualty in Hacking Gone Wild
Article Name
uTorrent Forum latest casualty in Hacking Gone Wild
Description
When you open the official uTorrent web forum right now, a security advisory notifies you that forum data has been compromised and that attackers were able to download the forum user list.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. drop said on June 8, 2016 at 8:35 pm
    Reply

    no worries! invision forum doesn’t store password in plain text .:)

    1. Croatoan said on June 8, 2016 at 9:34 pm
      Reply

      “As a precaution, we are advising our users to change their passwords”
      better safe than sorry

    2. Martin Brinkmann said on June 9, 2016 at 6:34 am
      Reply

      It is probably easy enough to crack half the passwords or more in record time using brute forcing or password lists considering that convenience tops security for many.

  2. CHEF-KOCH said on June 8, 2016 at 9:38 pm
    Reply

    Why they not communicate via GitHub? It’s always behind me, GitHub is known as secure and it’s free. Why they build own forums which are possible vulnerable or known as attack able is beyond me. The time you waste trying to maintain your own forum could be used for other stuff.

    1. sad said on June 9, 2016 at 5:06 am
      Reply

      GitHub is not a forum

  3. asd said on June 9, 2016 at 11:59 am
    Reply

    it’s been my habit in the past decade or more to use temporary email for services that don’t need my real email. Glad my paranoia paid off. Hackers can do whatever they want with my temporary email, random username, and long ass password. haha

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.