Malwarebytes has admitted that a flaw in its forum software allowed an attacker to gain access to the server hosting its community.
In a posted message, CEO Marcin Kleczynski said that there was no evidence of any personal data being stolen, but that as a precaution the company is forcing all users to reset their passwords.
“We’ve also migrated our community away from our servers and on to a service hosted by Invision Power Board,” he said. “They know their software best and as vulnerabilities are discovered, they can patch them more quickly.”
He personally apologised for the inconvenience.
Commenting, Jason Steer, director of technology at FireEye, said that this shows that it only takes one server to be forgotten or missed and that outsourcing problems doesn’t mean things run any better.
“It just takes one person to overlook something,” he said. “It is the whole process of as you get bigger, the process gets longer and bigger and it only takes one person to do something wrong, but thankfully this was only a web server for a customer for a forum, and could have been a lot worse if it was a server that had connections to another server internally.”