BreachExchange mailing list archives

Scribd hit by hackers


From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 5 Apr 2013 09:40:09 -0500

http://www.gmanetwork.com/news/story/302540/scitech/technology/scribd-hit-by-hackers

Hackers hit digital document library Scribd, prompting it to have its
users change their account passwords.

Scribd said its operations team "discovered and blocked" suspicious
activity on Scribd's network that indicated a "deliberate attempt" to
access the data of its users.

"Because of the way Scribd securely stores passwords, we believe that
the passwords of less than 1% of our users were potentially
compromised by this attack," it said in an April 3 security
announcement.

It said the hackers appeared to be after the "email addresses and
passwords of registered Scribd users."

For now, Scribd said it has emailed all users whose passwords had been
potentially compromised, with details of the situation and
instructions for resetting their password.

Users were also advised to check if their accounts were affected by
going to http://www.scribd.com/password/check.

On the other hand, Scribd said its initial investigation showed "no
content, payment and sales-related data, or other information were
accessed or compromised."

"We believe the information accessed was limited to general user
information, which includes usernames, emails, and encrypted
passwords," it said.

It said that while it encrypts its passwords, those whose accounts
were affected should reset their passwords.

Scribd also said it has implemented additional safeguards, including a
"comprehensive security review" and "more general measures to
proactively enhance security."

"We are also alerting relevant authorities to the matter and will
co-operate with their investigation," it said.

It reminded users to "never re-use passwords across services and to
never use passwords that are dictionary words, names, or other
easily-guessable choices."

Scribd also apologized for the inconvenience. — TJD, GMA News
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
