Satoshi Nakamoto Blog

Trakt tardily notifies users of data breach that took place over four years ago


Users of Trakt — a service for “scrobbling”, or tracking the movies and TV shows you watch in the likes of Plex and Kodi — have received emails from the company notifying them of a data breach that took place way back in 2014.

Trakt says that although the security breach took place over four years ago, it only recently discovered it. The company says that an investigation is underway, but that it believes a “PHP exploit was used to capture data”, including users’ emails, usernames, encrypted passwords, names and locations.

The email starts by saying: “We are contacting you today because we have learned of a data breach that occurred back in December 2014. The breach involved some of your personal information such as username, email and encrypted password. Although this happened in 2014, we only recently discovered this, and wanted to promptly provide notice as part of our commitment to your privacy”.

Trakt goes on to reassure anyone who was paying for a VIP service that no payment information has been compromised. The company also says that in January 2015, without knowing the breach had taken place, it moved to a more secure version of its website, which (seemingly accidentally) removed the exploit that previously existed.

The email explains:

THE GOOD NEWS

To any VIPs, no payment information was included in the breach. All payment data is securely held by payment processors and never within our own servers.

Next, in January 2015, we moved from version 1 of our site to version 2. In doing so, we removed any access outsiders had to your information and accomplished three key things to strengthen our security:

  1. We moved to a more secure algorithm for storing passwords
  2. Our platform change removed the exploit
  3. The new infrastructure has far tighter restrictions

WHAT HAPPENED

Our investigation is ongoing, but we believe a PHP exploit was used to capture data from Trakt users.

Users who have been affected by the breach should receive a further email that includes a password reset link. Trakt says that, in addition to the ongoing investigation, it is monitoring the site for further signs of suspicious activity.




