Passwords, messages of 158k+ Boxee.tv users leaked
Posted on 02 April 2014.
The forum database of Web TV service Boxee.tv has been ransacked and the attacker made off with - and has subsequently made available for download - a dump containing personal and account information of over 158,000 of its users.

"The leak was announced on a private forum and the database information has been uploaded to a TOR service in the format of a raw SQL dump extraction totaling 792 MB and containing an impressive 192 tables," Risk Based Security revealed on Sunday.

Apart from 172,000+ email addresses, the dump also contains the users' encrypted passwords, dates of birth, IP addresses, full personal message history, and more.

"Any message sent through their service, including ones with sensitive content, are now public. Further, the passwords were apparently salted hashes and easily cracked according to sources," they added.

The breach and information theft was executed by a yet unknown attacker who obviously has a vendetta going against reporter Brian Krebs.

He or she has advertized the breach and offered a link to the dump on Boxee's own forums, and has included some of Krebs' personal information in the message:


Although, it seems that this info wasn't extracted from the compromised database - HaveIBeenPwned? has incorporated the Boxee dump in its database, and it doesn't contain Krebs' information.

Boxee, which was acquired last year by Samsung, has yet to confirm the breach, but on Tuesday password management service LastPass started warning its customers of it and urging them to update their password for their boxee.tv account immediately.









Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //