HackDig : Dig high-quality web security articles for hacker

Potential Livestream breach – payment details safe but PII may have been swiped

2015-12-24 17:05

Live video streaming platform Livestream – which has partners including the BBC, Spotify, Nike, Nasdaq and Tesla – has alerted its customers to a potential data breach which may have exposed personal information including names, email addresses, phone numbers, dates of birth and encrypted passwords.

In an email sent out to its customers the company, which boasts up to 40,000,000 viewers per month, said:

We recently discovered that an unauthorized person may have accessed our customer accounts database. While we are still investigating the full scope of the incident, it is possible that some of your account information may have been accessed. This may include name, email address, an encrypted version of your password, and if you provided it to us, date of birth and/or phone number. We do not store credit card or other payment information. We have no indication that the encrypted passwords have been decoded, but in an abundance of caution, we are requiring all users to reset their passwords.

There’s no word on just how those passwords were encrypted, or whether they were salted, so Livestream’s following advice –

If you used the same passwords for other accounts, we recommend changing your passwords for those accounts as well.

– is especially pertinent, given the fact that we don’t know just how easily the potentially stolen login credentials may or may not be to crack (though you guys are sufficiently security conscious to have not reused passwords in the first place, right?)

Fortunately, the New York-based company said that other concern to customers – their credit card information (as well as other payment details) – is not stored in the potentially compromised database.

Unlike other companies that have been, or may have been, breached recently, Livestream spared the “we take your security seriously” spiel, opting instead to say that:

We have already implemented additional security measures and will continue to improve our systems to help prevent these incidents in the future.

While that’s all well and good, I would still urge any of the company’s customers to be on their guard. Even though passwords might be secure, and payment cards definitely are, the amount of PII that may have been swiped could still be of use and interest to a malicious individual who could use it to craft a convincing phishing email, or send a mass of spam.

And, if you have used your password all over the web, your new year resolution (actually, scrub that, do it today) should be to start using a password manager (1Password, KeePass and LastPass are all good examples) to help you create longer, stronger and more complex passwords that are, crucially, unique to every account you have under your control.

Beyond that, have a great Christmas and a happy new year or, as Brian would say, “Nollaig Shona agus Athbhliain faoi Mhaise daoibh.”


Source: 5192=p?/hctawytiruces/ei.gnitlusnochb

Read:6249 | Comments:0 | Tags:Breaches

“Potential Livestream breach – payment details safe but PII may have been swiped”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud