Last week, in a grand-scale compromise of user accounts of boxee.tv forum, almost 158,000 users’ account details and credentials were exposed. Boxee.tv remains tight-lipped about the hacking.
It was from a security researcher in Australia, Scott A. McIntyre that the world came to know of it as he received a file with the hacked information which included details including approximately 172,000 e-mail addresses, 158,128 user accounts, the passwords of these accounts, and so on.
The 800MB file also includes complete message histories, IP addresses, site activity information, password histories, and more. It is said that the file is still being circulated around the web.
Victims who use the same password for their boxee.tv service and the forum might be further affected. This could go on further if they use the same password for other web services or online accounts.
Following this attack, LastPass, a password management service, has advised its customers to change their boxee.tv forum passwords and use different passwords for each service they use on the web. LastPass has also released an addon for their service which helps users to find all the accounts that use the same password for all the accounts managed by their service.
To prevent such attacks, most companies use cryptographical hashing techniques to protect the passwords. However, it doesn’t guarantee safety because hackers can easily know the plain text characters in the passwords which makes it easy for them to crack the passwords.
Troy Hunt, a researcher from Australia, has included the hacked accounts into the database of his popular service, have I been Pwned? This service would help users find if any of their accounts have been compromised. If you are a user of boxee.tv forum, you can use this service to find if your account was attacked.
