Winamp, creators of the popular music player, has admitted that security processes protecting users accounts on its Winamp Forums website have been compromised, exposing thousands of email addresses as a result.
Geno Yoham, General Manager of Winamp, took to the company’s forum to reassure users, noting that his team had quickly detected and blocked an attack on the Winamp Forums database. The breach was limited to the forums, meaning its main website, developer portal and desktop media player account databases remained secure.
As a precautionary measure, Winamp recommends that users change their passwords, despite the fact they were not compromised in the attack. The company says it is dedicated to retaining user privacy and has alerted it users to remain as transparent as possible.
The Winamp attack is very similar to attacks on SourceForge.net, which saw the network shutdown its CVS Hosting, ViewVC (web based code browsing), New Release upload capability and Interactive Shell services to prevent further compromise, alerting 2 million users in the process.
As a result of our continuous security monitoring, we identified and blocked this attack. Additionally, new security measures have been deployed to help keep this type of breach from happening in the future.
We are in the process of notifying all users with a registered account for the Winamp Forums via email. If you have any questions, you can reach us at firstname.lastname@example.org.
With email addresses exposed, the users affected could start to receive SPAM or phishing attempts via email. As always, don’t open any attachments you don’t trust and never give over your usernames and passwords, if requested.