BreachExchange mailing list archives
Scribd hit by hackers
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 5 Apr 2013 09:40:09 -0500
http://www.gmanetwork.com/news/story/302540/scitech/technology/scribd-hit-by-hackers Hackers hit digital document library Scribd, prompting it to have its users change their account passwords. Scribd said its operations team "discovered and blocked" suspicious activity on Scribd's network that indicated a "deliberate attempt" to access the data of its users. "Because of the way Scribd securely stores passwords, we believe that the passwords of less than 1% of our users were potentially compromised by this attack," it said in an April 3 security announcement. It said the hackers appeared to be after the "email addresses and passwords of registered Scribd users." For now, Scribd said it has emailed all users whose passwords had been potentially compromised, with details of the situation and instructions for resetting their password. Users were also advised to check if their accounts were affected by going to http://www.scribd.com/password/check. On the other hand, Scribd said its initial investigation showed "no content, payment and sales-related data, or other information were accessed or compromised." "We believe the information accessed was limited to general user information, which includes usernames, emails, and encrypted passwords," it said. It said that while it encrypts its passwords, those whose accounts were affected should reset their passwords. Scribd also said it has implemented additional safeguards, including a "comprehensive security review" and "more general measures to proactively enhance security." "We are also alerting relevant authorities to the matter and will co-operate with their investigation," it said. It reminded users to "never re-use passwords across services and to never use passwords that are dictionary words, names, or other easily-guessable choices." Scribd also apologized for the inconvenience.— TJD, GMA News _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Scribd hit by hackers Erica Absetz (Apr 05)