Boxee Hacked

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

Risk Based Security researchers recently found that an unidentified hacker or hackers had leaked information on 158,128 users of the Web TV service, including e-mail addresses, encrypted passwords, password change dates, group IDs, birthdates, IP addresses, Boxee site activity, and full message history (h/t Ars Technica).

"Any [messages] sent through their service, including ones with sensitive content, are now public," the researchers note. "Further, the passwords were apparently salted hashes and easily cracked according to sources."

According to the researchers, the data dump, which took place around March 10, 2014, includes 172,234 e-mail addresses from 17,653 different e-mail providers or ISPs.

Ars Technica reports that password management service LastPass has already begun alerting customers whose e-mail addresses were exposed. "Please update the password for your account immediately," the LastPass e-mail states. "The LastPass Security Challenge, located in the Tools menu of the LastPass addon, will help find any other accounts using the same password as the leaked account."

Security researcher Scott A. McIntyre told Ars Technica that the data appears to have come from users of the forums, not from service accounts.


Loading Comments...