With well over 150 million active users a month, uTorrent is by far the most used BitTorrent client around.
In addition, the software has dedicated community forums with tens of thousands of visitors per day and over 388,000 registered members.
According to a recent security alert, these users would be wise to update their passwords, as the forum database has been compromised by hackers.
The uTorrent team, which is part of BitTorrent Inc, was alerted to the issue by one of their vendors earlier this week. While the vulnerability didn’t originate at the uTorrent forums, the forums were indirectly compromised.
“The vulnerability appears to have been through one of the vendor’s other clients, however it allowed attackers to access some information on other accounts. As a result, attackers were able to download a list of our forum users,” uTorrent writes.
The security alert is posted in the forums but as far as we know users haven’t been notified individually. There is no mention of the massive security breach on uTorrent and BitTorrent’s social media accounts either.
According to the uTorrent team it’s not entirely clear what data has been compromised by the hack. The company’s vendor has made some changes to mitigate the fallout, but the hashed passwords are likely compromised.
“We are investigating further to learn if any other information was accessed. Our vendor has made backend changes so that the hashes in the file do not appear to be a usable attack vector,” the uTorrent team writes.
“As a precaution, we are advising our users to change their passwords. While the passwords may not be used as a vector on the forums, those hashed passwords should be considered compromised,” they add.
In addition, users are strongly advised to update their passwords at other sites if the password they use there is identical to the one used on the forum.
While uTorrent no longer reports the number of forum users, a few months ago it listed 388,358 members who together wrote over half a million posts.
The uTorrent forums use the Invision Power Board software. The same software also powers the separate BitTorrent forums, which, given the lack of a security notice, don’t appear to be compromised.
TorrentFreak asked BitTorrent Inc. at which vendor the hack originated and whether it intends to communicate the issue to forum users in a more direct manner, but we have yet to hear back.
Update: On HaveIBeenPwned, users can check whether their account details are compromised. According to the site, roughly 35,000 accounts have been compromised, not all of them.