Web service for publishing and presentations Scribd hacked
Attackers have access to email addresses and password hashes (with salt) of part or all users, it is not absolutely clear scale attacks. Soon, this information may be made public.
Last night guide service announced that earlier this week, a special department Scribd «detected and blocked a suspicious network activity Scribd, which was like trying to access e-mail addresses and passwords of registered users Scribd».
Scribd representatives argue that "compromised" is not all the user accounts, but only about 1%. At least, this assures the security department Scribd. They say that a small number of affected users is explained by "the way Scribd to store the passwords." The rest of the hashes even if stolen, but they are "securely encrypted."
Each affected user sent a personal letter explaining the situation and instructions to reset your password.
Check your account for leakage of private information can be on this page, enter your email address:
http://www.scribd.com/password/check
Scribd guide also says that hackers do not have access to any information other than emails, and password hashes, that is, payment information and other financial information about customers is stored in another location.
Scribd representatives separately reported some technical details of hashing algorithm used most passwords scrypt, while about 1% of the passwords were zaheshirovany using SHA1 and salt. These passwords Scribd considered "compromised", and these users are sent an email with instructions for resetting your password.
According to the explanations of the Scribd, in fact, criminals can still get a database with accounts of all users.
No comments:
Post a Comment