Scribd document-sharing service hacked
The Scribd document-sharing service has announced that there has been an attack on its network. The company explained that members of staff discovered unusual activity earlier this week, and that attackers have probably harvested email addresses and password hashes. While Scribd notes that "less than 1 per cent" of its registered users may have been affected because of "the way Scribd securely stores passwords", the document service does have at least 100 million registered users.
The online library said that all affected users have already received an email with instructions how to reset their passwords. Users who haven't received an email can assume that they are "most likely unaffected", added Scribd. Those who wish to be sure can use a web tool that the company has provided to check whether their password has been copied.
Scribd said that no content, payment or sales-related data is believed to have been compromised. Apparently, the attackers only targeted user information, email addresses and passwords. While Scribd says that passwords were salted and hashed, it hasn't disclosed the methods that were used; therefore, it is possible that the attackers could crack any potentially copied passwords by brute force. Registered users who have used their Scribd access credentials for other services (password recycling) should be sure to change those as soon as possible.