Up to 1M Scribd user passwords exposed – content and cash safe

The document sharing site revealed that about 1 percent of its suggested 50 million user accounts were potentially compromised by the breach.

“Scribd's Operations team discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users.” Usernames also might have been exposed. Most of the site’s stored passwords were encrypted.

The company notified users who were potentially hit within a week. Any and all users also are able to visit a website to see if their accounts are among those affected.

Language from the company’s disclosure:

“Because of the way Scribd securely stores passwords, we believe that the passwords of less than 1% of our users were potentially compromised by this attack. 

. . . Our investigation indicates that no content, payment and sales-related data, or other information were accessed or compromised. We believe the information accessed was limited to general user information, which includes usernames, emails, and encrypted passwords.  

Even though this information was accessed, the passwords stored by Scribd are encrypted (in technical terms, they are salted and hashed). Most of our users were therefore unaffected by this; however, our analysis shows that a small percentage may have had their passwords compromised.”