Author Topic: ESET Forums Hacked  (Read 22613 times)

LowWaterMark

  • Administrator
  • Newbie
  • *****
  • Posts: 15
  • Security Guy
    • View Profile
ESET Forums Hacked
« on: June 05, 2014, 02:46:15 PM »
Joining a long line of hacked web forums, ESET, makers of the antivirus product Nod32, has had their forum database compromised.

The following is the email message ESET has mailed to their approximately 2700 forum members:

Quote from: ESET
From: "ESET Security Forum" <noreply @ forum.noreply.eset.com>
To: (noone) @ redacted.com
Sent: Thursday, June 05, 2014 11:30 AM
Subject: security incident on forum.eset.com


Dear (noone),

we have been informed by our third-party forum provider that user login details of ESET Security Forum members have been compromised. At this time we have confirmed that login data (user name/email and hashed forum passwords) have been accessed. We have requested details about the incident from our provider and have launched a full-scale investigation with them. ESET Security Forum has around 2,700 registered users and the only information stored are login details: no financial or other sensitive data are affected. ESET-operated infrastructure and ESET software users were not affected in any way by this incident.

We recommend that all ESET Security Forum users change their passwords. Having different passwords for different services is a good practice: if you used your ESET Security Forum password for other services, we recommend that you also change those passwords immediately too. Some useful tips on how to create strong passwords can be found at ESET WeLiveSecurity website: http://www.welivesecurity.com/2013/07/17/how-to-create-strong-passwords-without-driving-yourself-mad/

We apologize for any inconvenience.

 
ESET Security Forum

ESET appears to have out-sourced the hosting of their forum to a third-party.  As a no doubt paid for service, ESET should be justifiably upset that a professional hosting services company could not keep their member data secured.  One of the main reasons to out-source forum hosting is to get professionals to provide the best and most secure services possible.

The ESET forums have been hosted on IPB (IP.Board) since September, 2013.  Prior to that, ESET had their official forums hosted at Wilders Security Forums for 11 years without any hacking incidents.
Forum and website security consultant