Data Breach at Statista Affects 50,000 Users

Statistics portal Statista recently began notifying approximately 50,000 customers that their e-mail addresses and encrypted passwords may have been accessed by hackers (h/t Softpedia).

“According to an internal assessment and that of external IT professionals the password data cannot be used by third parties due to masking procedures,” the notification e-mail states. “Of course, you can still change your assigned password at any time in your profile if you wish.”

Still, the above notification was provided only to those who signed up after December 2013, when the company started using “512-bit encryption with salt,” according to Softpedia.

The passwords of those who signed up before then were stored as MD5 hashes — those users’ passwords have been reset, and they’re also being advised to change their passwords on any other sites where they used the same login credentials.

The company says the breach was discovered when spammers began targeting e-mail addresses that Statista was only using internally, and that the vulnerability leveraged to breached the database has since been patched.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles