Winamp Forums attacked, addresses exposed

A security breach at the Winamp Forums has left AOL warning users to change their passwords after information was disclosed to unknown attackers, including e-mail addresses and possibly password details.

In a message e-mailed to all registered members of the Winamp forums, general manager Geno Yoham warned that his team had 'quickly detected and blocked' an attack on the forums - but not before personal information, known to include e-mail addresses and possibly including passwords for the forums, were obtained by the attacker.

"We have confirmed that this breach was isolated to the Winamp Forum - forums.winamp.com - site only," Yoham confirms. "Other Winamp sites and products such as winamp.com, dev.winamp.com and the Winamp Desktop Media Player were not affected in any way."

Although the Winamp media player software has waned in popularity since its creator Nullsoft was acquired by media giant AOL, there are still thousands of members registered on the company's forum site who are affected by the attack.

"As a precautionary measure," Yoham warned users, "we recommend that you change that your password on the Winamp Forums. If you used your Winamp Forums password on any other web sites, we recommend that you change the password on those sites as well, particularly if you used the same username or email with that site."

Since discovering the attack, Yoham claims that new protection and monitoring processes have been put in place to prevent a similar breach. So far, neither Yoham nor his employer has offered details of exactly how the breach took place.

If you're a Winamp Forums user, it would be good to take Yoham's advice and change your password - and if you use the same password for multiple services, take the time to do a complete password refresh. While the likelihood of an individual user being targeted as a result of the attack is slim, it's a precaution worth taking.