Hackers crept into a forum for users of Boxee.tv, and then dumped member names, email addresses, message histories and partially protected passwords.
The leak came in the form of an 800 megabyte database file.
It contains personal data associated with 158,128 user accounts, about 172,000 e-mail addresses, and the cryptographically-scrambled passwords that correspond to those accounts.
“The dump also included a wealth of other details, such as user birth dates, IP addresses, site activity, full message histories, and password changes. All user messages sent through the service were included as part of the leak,” Ars reports.
The data appears to include only information associated with Boxee.tv forums, not service accounts. Samsung acquired the Web-based television service last year.
“Even when passwords in hacked databases have been cryptographically hashed, most remain highly susceptible to cracking attacks that can reveal the plain-text characters required to access the account,” Ars warns. “The damage can be especially severe when people use the same or similar passwords to protect accounts on multiple sites, an extremely common practice.”
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.