UTorrent forums hacked and user passwords likely compromised
UTorrent forum databases have been breached, prompting the BitTorrent client to release a "security advisory" informing its users of the hack and requesting them to change their passwords. UTorrent considers user passwords to have been compromised, which in turn may have exposed the private information of hundreds of thousands of users.
According to TorrentFreak, the UTorrent forums have over 388,000 registered members and thousands of daily visitors, making it one of BitTorrent's most popular clients. UTorrent said it was informed of the breach by one of their software vendors earlier in the week. As many as 34,000 usernames, email addresses, IP addresses are believed to have been accessed by hackers
In its announcement, UTorrent said: "On June 6th, 2016, BitTorrent was made aware of a security issue involving the vendor which powers our forums. The vulnerability appears to have been through one of the vendor's other clients. However, it allowed attackers to access some information on other accounts. As a result, attackers were able to download a list of our forum users. We are investigating further to learn if any other information was accessed."
Coincidentally, security tracking site LeakedSource posted a tweet claiming to have reported about the UTorrent breach six months ago. Security researcher Troy Hunt's "Have I been pwned" also posted a similar tweet claiming that the UTorrent accounts were hacked in January, indicating that the data trading site may have been in the dark about the breach for a considerable length of time.
It is still unclear as to what data was compromised as a result of the hack. UTorrent also mentioned that its vendor has taken measures to mitigate the consequences of the breach. However, maintaining caution, it considers even hashed user passwords to have been among the data which may have been compromised.
Hunt told Motherboard: "This just adds to the troves and troves of data we've seen leaked in recent times. It also follows a similar pattern to many previous data breaches; a PHP-based forum storing passwords in a weak fashion and being leaked without the site owner even realising it."
UTorrent has requested users to change their passwords "as a precaution", adding that "anyone using the same password for forums as well as other places is strongly advised to update their passwords and/or practice good personal security practices".
© Copyright IBTimes 2024. All rights reserved.