Scribd Hack Exposes Thousands of Users
It's much easier to spend your Internet time watching funny cat videos than to actually do something productive, but the educational stuff is out there. Take Scribd, for instance: a virtual library of free content that ranges from book previews to science journal articles to official government documents. If you're one of the estimated 50 million Scribd users, life isn't all highbrow art magazines and travelogues, though. A recent hack has resulted in a few hundred thousand stolen passwords.
Scribd does not reveal exactly what kind of hack took place, but the malefactors made off with part of a password database. But if you're worried that you've been hacked, don't be: There's a 99 percent chance you haven't. "Because of the way Scribd securely stores passwords, we believe that the passwords of less than 1 percent of our users were potentially compromised by this attack."
If your account has been compromised, Scribd has already sent you an email with detailed instructions on how to change it and make it more secure. Any user can check password status at http://www.scribd.com/password/check to be sure. Remember: Even if you've used Scribd in the past, you may not have an account. Users are not required to register with Scribd in order to view material.
Better still, since Scribd passwords are encrypted, the hackers have likely not yet cracked any of them in order to gain access to Scribd accounts. Although users can store their contact information (username, email address and physical address) in their accounts, there is no evidence that hackers have compromised this information. Even allowing the worst-case scenario of an account breach, Scribd accounts do not contain any financial information. [See also: The 10 Biggest Online Security Myths — And How to Avoid Them]
A statement from Scribd regrets this intrusion, but also reminds users that it is hardly the only high-profile website to fall victim to hacking within the last year. Scribd recommends some commonsense advice to prevent further password woes: "It is important to remember to never re-use passwords across services and to never use passwords that are dictionary words, names or other easily guessable choices."
Scribd is the latest in a series of major website incursions, and it won't be the last. There's no foolproof way to protect your password or your personal information, but a hard-to-guess password and keeping an eye on your inbox for security alerts like the one from Scribd are a good start.