UserVoice hacked; user accounts compromised with weak encryption at play
May 11, 2016
Shah Sheikh (1294 articles)
Share

UserVoice hacked; user accounts compromised with weak encryption at play

UserVoice has admitted a cyberattack which has exposed sensitive data belonging to a small subset of users with administrator or contributor status.

According to a UserVoice update, the company’s backend administrative system experienced a data breach in April which has led to the theft of customer names, along with associated emails, one-way encrypted passwords and random salt strings for a small subset (0.001 percent) of users.

“Unfortunately, the passwords were hashed with the SHA1 hashing algorithm, which by today’s standards is considered weak,” the firm admitted.

However, no financial data was accessed.

Founded in 2008, UserVoice counts approximately 10,000 businesses among its clients. The software-as-a-service (SaaS) company provides product management and customer support software to the enterprise, including forums, support ticket systems and widgets.

Users with UserVoice’s administrators and contributors profiles have been impacted, but in the interest of safety, all users are being asked to change their passwords.

In related news, hackers stole account details belongining to over 57 million users of dating websites in order to peddle this data on the Dark Web.

Source | ZDNET

Related articles

Security is Biggest Digital Transformation Concern

Security is Biggest Digital Transformation Concern

Casino App Clubillion Leaks PII on “Millions” of Users

Casino App Clubillion Leaks PII on “Millions” of Users

Buhtrap Hackers Group Using Recently Patched Windows Zero-day Exploit to Attack Government Networks

Buhtrap Hackers Group Using Recently Patched Windows Zero-day Exploit to Attack Government Networks