Earlier this week, Scribd's Operations team discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users.
Because of the way Scribd securely stores passwords, we believe that the passwords of less than 1% of our users were potentially compromised by this attack.
We have now emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password. Therefore, if you did not receive an email from us, you are most likely unaffected. If you wish to check, you can use this web tool that we built to determine if your account was among those affected:
http://www.scribd.com/password/check
Our investigation indicates that no content, payment and sales-related data, or other information were accessed or compromised. We believe the information accessed was limited to general user information, which includes usernames, emails, and encrypted passwords.
Even though this information was accessed, the passwords stored by Scribd are encrypted (in technical terms, they are salted and hashed). Most of our users were therefore unaffected by this; however, our analysis shows that a small percentage may have had their passwords compromised. In an abundance of caution, we are therefore asking those affected users to reset their password and to change their password on any other services they might have used it on.
We take our responsibility to protect our users' data extremely seriously and constantly improve our security infrastructure and policies. Following this incident, we have implemented numerous additional safeguards. Not only have we taken steps to address the specific issues that led to this incident, but we are also conducting a comprehensive security review and are implementing more general measures to proactively enhance security. We are also alerting relevant authorities to the matter and will co-operate with their investigation.
A number of high-profile websites have been hit in the past year with similar attacks, opening up important questions about password security and the re-use of passwords across services. It is important to remember to never re-use passwords across services and to never use passwords that are dictionary words, names, or other easily-guessable choices.
Finally, we would like to sincerely apologize for our failure to live up to our users' expectations in this instance. We’re incredibly disappointed that this happened and are committed to doing everything we can to prevent this from happening again. We will work harder than ever to ensure that we deserve the trust that our users place in us.
Thank you for reading and thanks for using Scribd.
The Scribd Team
Source link.....http://support.scribd.com/entries/23519663-Important-Security-Announcement