Got a Boxee TV account? You should change your password

Graham Cluley

BoxeeThe personal details of some 158,128 people – including their names, email addresses, birth dates, IP addresses – have been leaked following what appears to be a serious security breach at Samsung-owned web TV service, Boxee.

The information, which also includes IP addresses, full message archives and simply salted passwords of Boxee TV forum users, appears to be related to Boxee’s online forums, which became dormant shortly after the company was acquired by Samsung last year.

Boxee was perhaps most famous for its strangely lopsided set-top hardware, but now it may be remembered more for its mysterious silence regarding a database breach.

As Ars Technica reports, some customers were warned earlier this week of the security incident not by Samsung or Boxee, but by password management service LastPass.

LastPass warning

Of course, LastPass’s warning will only have been seen by a small proportion of the affected Boxee customers.

There is a very real risk that people who signed up for the Boxee TV forums will have used the same password on other parts of the net. Far too many people re-use passwords, perhaps because they think they won’t be able to remember their passwords if they don’t.

(Hint: You don’t have to remember all your passwords. Just use password management software like Bitwarden, 1Password, or KeePass to do the heavy lifting for you.)

Remember – if you are in the habit of using the same password for different sites, you are increasing the chances of becoming a victim. Hackers may not be interested in accessing your Boxee account, but if your password also unlocks, say, your email account then that’s an entirely different matter.

If you’re not sure if your details might have been included in the breach, you can check via the immensely cool “Have I Been Pwned?” website, created by Australian security researcher Troy Hunt.

“Have I Been Pwned?” simply asks you to enter your email address, and then sifts through the data it has scooped up from several major data leaks, including the 800MB Boxee database that has been shared online.

It’s a great service offered by Troy, which you certainly can’t say of Samsung/Boxee who appear to have let their customers down badly – firstly by allowing the information to be stolen initially, but also by their apparent lack of response since.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Got a Boxee TV account? You should change your password”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.