No personal data compromised and main site said to be unaffected.
A hacker has attacked the forum of the security company Malwarebytes, leading the company to reset its users’ passwords.
Though the firm found no evidence of personal data being compromised it decided to force user password changes as a precaution, having recently put the forum hosting in the hands of Invision, which also acts as a software vendor.
Marcin Kleczynski, chief executive of Malwarebytes, said: "Malwarebytes.org was not compromised, only the one server that is running this forum.
"Invision is known for having vulnerabilities and gets exploited all the time, unfortunately we fell victim to that. The [password reset] e-mails are still going out, [and] should be done in a few hours."
Following questions by the users over the decision to move to Invision, Kleczynski replied that he wanted the firm to have direct access to the forum software so they could lock down issues as they arose.
The support email that alerted users to the problem also added that Malwarebytes did not store personal data on the forums.