"According to an internal assessment and that of external IT professionals the password data cannot be used by third parties due to masking procedures," the notification e-mail states. "Of course, you can still change your assigned password at any time in your profile if you wish."
Still, the above notification was provided only to those who signed up after December 2013, when the company started using "512-bit encryption with salt," according to Softpedia.
The passwords of those who signed up before then were stored as MD5 hashes -- those users' passwords have been reset, and they're also being advised to change their passwords on any other sites where they used the same login credentials.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The company says the breach was discovered when spammers began targeting e-mail addresses that Statista was only using internally, and that the vulnerability leveraged to breached the database has since been patched.