BitTorrent has warned users of its uTorrent client to change their passwords after a third-party breach allowed hackers to walk off with a list of its forum users.
“On June 6th, 2016, BitTorrent was made aware of a security issue involving the vendor which powers our forums,” the company said in an advisory this week. “The vulnerability appears to have been through one of the vendor’s other clients, however it allowed attackers to access some information on other accounts.”
A request for comment from BitTorrent was not returned in time for publication.
BitTorrent said on Tuesday it was investigating whether any other information was accessed. For now, the forum hosting provider has closed off the attack vector.
“Our vendor has made backend changes so that the hashes in the file do not appear to be a usable attack vector,” BitTorrent said.
This is just the latest incident in a long line related to user account data. In the past two weeks, major caches of credentials belonging to MySpace, LinkedIn, Tumblr, VK.com and Twitter users have been dumped online. While the respective technology providers were not breached, the credentials were snagged in other attacks and are being sold in bunches for short money. Experts are urging users and providers to secure credentials, and especially be wary of password reuse.
“While the passwords may not be used as a vector on the forums, those hashed passwords should be considered compromised,” BitTorrent said. “Anyone using the same password for forums as well as other places is strongly advised to update their passwords and/or practice good personal security practices.”
