14 DAY TRIAL // In a security announcement published on Wednesday, the popular digital documents library Scribd revealed that its Operations team uncovered and blocked suspicious activity on its network. It appears the attackers were after the email addresses and passwords of Scribd users.
The service’s representatives believe that only less than 1% of passwords have potentially been compromised.
Impacted customers have been notified. In addition, Scribd provides a web tool that allows users to check if they’re among those affected by the breach.
“Our investigation indicates that no content, payment and sales-related data, or other information were accessed or compromised. We believe the information accessed was limited to general user information, which includes usernames, emails, and encrypted passwords,” Scribd stated.
“Even though this information was accessed, the passwords stored by Scribd are encrypted (in technical terms, they are salted and hashed). Most of our users were therefore unaffected by this; however, our analysis shows that a small percentage may have had their passwords compromised,” the statement continues.
“In an abundance of caution, we are therefore asking those affected users to reset their password and to change their password on any other services they might have used it on.”
To prevent future incidents, Scribd has implemented additional security measures. The service is also performing a comprehensive security review.
Authorities have been contacted and an investigation has been launched into the matter.
“A number of high-profile websites have been hit in the past year with similar attacks, opening up important questions about password security and the re-use of passwords across services,” the Scribd team wrote.
“It is important to remember to never re-use passwords across services and to never use passwords that are dictionary words, names, or other easily-guessable choices.”