Scribd, the world’s largest online digital document library, has suffered a hacking attempt. Scribd’s security operations team discovered unusual activity on its network, and a deliberate and successful attempt was made to access the usernames and passwords of Scribd’s registered users. However, Scribd’s security team has stated that passwords are stored very securely and that the passwords of less than 1% of users were potentially compromised by this attack.
Scribd immediately provided a password check tool that lets you quickly check whether your password was among those compromised in this security breach. Since anyone can check anyone’s email address anyway, and since you probably already received an email advising you to change your password if your account was potentially pwned, it probably doesn’t matter.
Even though this information was accessed, the passwords stored by Scribd are encrypted, and because of this most users were unaffected.
Scribd also indicated that they have implemented numerous additional safeguards: “Not only have we taken steps to address the specific issues that led to this incident, but we are also conducting a comprehensive security review and are implementing more general measures to proactively enhance security.”
LESSONS to learn:
- When you choose your password, make it complex for attackers. Use a combination of uppercase letters, lowercase letters, numbers and special characters in your password. Weak passwords are targeted first.
- Use a different password for each website. For example, your Facebook password must be different from your Scribd password, so that your other accounts are not compromised in a case like this.
- Database administrators should use a strong salted hashing scheme such as bcrypt, scrypt or PBKDF2, which makes it harder and slower for attackers to go through their password dictionary.