Avast forums breached, Spotify unauthorized access ...
FYI...
Avast takes down forums after breach hits 400,000 users
User names, email addresses and hashed passwords were compromised
- http://www.theinquirer.net/inquirer/...-400-000-users
May 27 2014
- https://blog.avast.com/2014/05/26/av...due-to-attack/
May 26, 2014 - "The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work... We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately. We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.
Sincerely,
Vince Steckler
CEO AVAST Software"
- http://www.databreaches.net/avast-ta...r-data-breach/
May 26, 2014
___
Spotify - Important Notice to Our Users
- http://news.spotify.com/us/2014/05/2...-to-our-users/
May 27, 2014 Oskar Stål, CTO - "We’ve become aware of some -unauthorized- access to our systems and internal company data and we wanted to let you know the steps we’re taking in response. As soon as we were aware of this issue we immediately launched an investigation. Information security and data protection are of great importance to us at Spotify and that is why I’m posting today. Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial or payment information. We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident. We take these matters very seriously and as a general precaution will be asking certain Spotify users to re-enter their username and password to log in over the coming days. As an extra safety step, we are going to guide Android app users to upgrade over the next few days**. If Spotify prompts you for an upgrade, please follow the instructions. As always, Spotify does not recommend installing Android applications from anywhere other than Google Play, Amazon Appstore or https://m.spotify.com/. At this time there is no action recommended for iOS and Windows Phone users. Please note that offline playlists will have to be re-downloaded in the new version. We apologise for any inconvenience this causes, but hope you understand that this is a necessary precaution to safeguard the quality of our service and protect our users. We have taken steps to strengthen our security systems in general and help protect you and your data – and we will continue to do so. We will be taking further actions in the coming days to increase security for our users. Please click here* to read more."
* https://support.spotify.com/problems...android-update
** https://play.google.com/store/apps/d...ile.android.ui
May 28, 2014
