Slashdot Mirror

← Back to Stories (view on slashdot.org)

Scribd Reveals It Was Hacked, Asks Users To Change Their Passwords

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes "Scribd has revealed it was hacked earlier this week, in what it says appears to have been 'a deliberate attempt to access the email addresses and passwords of registered Scribd users.' The good news is that the company believes less than 1 percent of its users were potentially compromised in the attack, and it has emailed each and every one of them asking them to reset their password. The company has set up a Web form for users to check if they are amongst those affected. We recommend that regardless of what the Web form says, and even if you don't use your Scribd account regularly, you should probably change your password."

6 of 38 comments (clear)

  1. Re:Access passwords? by broggyr · · Score: 4, Informative

    According to TFA, they were salted and hashed.

    --
    Irony? Yea, it's like goldy and bronzy, only it's made of iron!
  2. Re:Access passwords? by Spy+Handler · · Score: 2

    i RTFA and it says that the passwords *were* salted and hashed. So apparently the hackers got users' email addresses and the password hash.

    Still, if your website was hacked and people found out about it, it makes sense to tell people to change their password.

  3. Won't someone please think of the kittens? by SuperBanana · · Score: 5, Interesting

    Every time someone uploads a PDF to behind scribd's stupid registration-required-to-download-so-I-can-see-it-in-something-bigger-than-a-porthole wall, His Noodliness kills a kitten.

    Seriously, people. There are plenty of places you can upload ANY file to, where only YOU will have to register (and some, even, where you don't!) With Firefox now able to parse PDFs in-browser, there is little excuse for scribd to exist.

    Let's all take this breakin as a great reason to let them head off into the sunset.

    --
    Please help metamoderate.
    1. Re:Won't someone please think of the kittens? by jeffmeden · · Score: 3, Interesting

      Every time someone uploads a PDF to behind scribd's stupid registration-required-to-download-so-I-can-see-it-in-something-bigger-than-a-porthole wall, His Noodliness kills a kitten.

      Seriously, people. There are plenty of places you can upload ANY file to, where only YOU will have to register (and some, even, where you don't!) With Firefox now able to parse PDFs in-browser, there is little excuse for scribd to exist.

      Let's all take this breakin as a great reason to let them head off into the sunset.

      Wish I could mod you to 1,000. Scribd is the biggest solution looking for a problem i have seen in a long time. Have a PDF to share? Put it on a fucking web server, and let the browser download it (even the terrible adobe reader plugin managed to get search to work, but of course scribd can't figure it out). It's not there to protect copyrighted material, it's there to try to create a userbase where one shouldn't have to exist.

      I set up a junk scribd username/password a while ago to see some content. If a hacker got hold of it, they are going to get what they deserve if they use it to log in. Scribd is a pitiful premise, executed even more pitifully; have all the fun you want, hackers!

  4. WTF... by fuzzyfuzzyfungus · · Score: 2

    Why does this 'Scribd' bullshit even exist?

    A revolutionary technique exists for putting 'pdf' documents on an 'http' server, that doesn't involve flash, registration, or any other bullshit. What, exactly, is the redeeming value here?

  5. Re:Access passwords? by wonkey_monkey · · Score: 2

    If password recovery is the only instance where email is sent to users, this should work.

    And what about when the database gets hacked and the admins need to send email to the affected users asking them to change their passwords?

    --
    systemd is Roko's Basilisk.