"On July 12, 2016, we became aware that an unauthorized party gained access to the Playdom Forum servers. We immediately began investigating the incident and discovered that on July 9 and July 12, 2016, the unauthorized party acquired certain user information from the playdomforums.com site."The actor is believed to have accessed the usernames, email addresses, passwords, and IP addresses of Playdom Forum users. According to the site's statistics, there were 356,000 registered users prior to the breach's discovery. At this time, it's unclear how the attacker gained access to Disney's forum servers. Security researcher Troy Hunt believes the breach might be connected to Playdom's use of a vulnerable version of forum software vBulletin. A post on vBulletin's own forums seems to confirm that point.
"If you use the same password on other online accounts, we recommend you set new passwords on those accounts immediately. Internet security experts recommend using different passwords for each account and electing passwords that are hard to guess. In addition, we will never ask you for personal or account information in an email, so please exercise caution if you receive unsolicited emails that ask for that information."It's important that users create a strong, unique password for each of their web accounts. Doing so will help protect against password reuse attacks, such as those campaigns which recently targeted Carbonite's users. For expert tips on how to create a strong password, please click here.