Home page logo

dataloss logo Data Loss mailing list archives

Scribd hit by hackers
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 5 Apr 2013 09:40:09 -0500


Hackers hit digital document library Scribd, prompting it to have its
users change their account passwords.

Scribd said its operations team "discovered and blocked" suspicious
activity on Scribd's network that indicated a "deliberate attempt" to
access the data of its users.

"Because of the way Scribd securely stores passwords, we believe that
the passwords of less than 1% of our users were potentially
compromised by this attack," it said in an April 3 security

It said the hackers appeared to be after the "email addresses and
passwords of registered Scribd users."

For now, Scribd said it has emailed all users whose passwords had been
potentially compromised, with details of the situation and
instructions for resetting their password.

Users were also advised to check if their accounts were affected by
going to http://www.scribd.com/password/check.

On the other hand, Scribd said its initial investigation showed "no
content, payment and sales-related data, or other information were
accessed or compromised."

"We believe the information accessed was limited to general user
information, which includes usernames, emails, and encrypted
passwords," it said.

It said that while it encrypts its passwords, those whose accounts
were affected should reset their passwords.

Scribd also said it has implemented additional safeguards, including a
"comprehensive security review" and "more general measures to
proactively enhance security."

"We are also alerting relevant authorities to the matter and will
co-operate with their investigation," it said.

It reminded users to "never re-use passwords across services and to
never use passwords that are dictionary words, names, or other
easily-guessable choices."

Scribd also apologized for the inconvenience.— TJD, GMA News
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.

  By Date           By Thread  

Current thread:
  • Scribd hit by hackers Erica Absetz (Apr 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]