Threatwatch

Personal data on 158,000 online TV watchers leaked

Data dump; Stolen credentials; User accounts compromised

Hackers crept into a forum for users of Boxee.tv, and then dumped member names, email addresses, message histories and partially protected passwords.

The leak came in the form of an 800 megabyte database file.

It contains personal data associated with 158,128 user accounts, about 172,000 e-mail addresses, and the cryptographically-scrambled passwords that correspond to those accounts.

“The dump also included a wealth of other details, such as user birth dates, IP addresses, site activity, full message histories, and password changes. All user messages sent through the service were included as part of the leak,” Ars reports.

The data appears to include only information associated with Boxee.tv forums, not service accounts. Samsung acquired the Web-based television service last year.

“Even when passwords in hacked databases have been cryptographically hashed, most remain highly susceptible to cracking attacks that can reveal the plain-text characters required to access the account,” Ars warns. “The damage can be especially severe when people use the same or similar passwords to protect accounts on multiple sites, an extremely common practice.”

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.

sector

Entertainment

reported

April 1, 2014

reported by

Ars Technica

number affected

158,128 user accounts

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

around March 10, 2014

date breach detected

March 30, 2014