UK-based software developer Affinity, known for photo editing, graphic design, and publishing software, suffered a data breach on April 6. The company informed its forum members that the breach occurred after a hacker compromised an administrator’s account.
The hacker may have accessed user data such as usernames, reputation, join date, post count, email addresses, and the last used IP address.
Although most of the compromised information is already public, the email addresses and IP addresses are not, and this type of information can be valuable to malicious actors for targeted phishing attacks.
Affinity has warned its forum users about the risk of phishing. The total number of users affected by the breach is not clear, but the Affinity forum has almost 175,000 members.
According to Serif, the company that owns Affinity, user passwords were not compromised in the breach. Additionally, Serif has clarified that the information accessed by the hacker does not include financial data, purchase history, physical addresses, phone numbers, or anything else held within the main Affinity account.
The forum is a standalone system that is entirely separate from the Affinity account.
The Affinity forum data breach has been reported to the UK Information Commissioner’s Office (ICO), and measures have been taken to avoid such incidents in the future.
It is unknown how the administrator account was compromised, but in several such incidents, account takeover has been possible because two-factor authentication was not in use.
It is therefore crucial for companies to enforce two-factor authentication to prevent breaches of this kind.