After an administrator’s account was compromised, Affinity, the owner of a forum with almost 175,000 members, confirmed that a hacker accessed user data. The company has warned that the hacker may have accessed usernames, reputation, join dates, post counts, email addresses, and last used IP addresses.
While most of this information is already publicly available, email addresses and IP addresses can be utilized for targeted phishing attacks. However, Affinity has affirmed that no financial information, purchase history, physical addresses, or phone numbers were compromised, and the forum is a standalone system separate from Affinity accounts.
The company has reported the breach to the UK Information Commissioner's Office (ICO) and has taken measures to prevent similar attacks in the future. Although it is unknown how the administrator account was compromised, the incident emphasizes the importance of using two-factor authentication to prevent account hacking.