Got a Boxee TV account? You should change your password

BoxeeThe personal details of some 158,128 people - including their names, email addresses, birth dates, IP addresses - have been leaked following what appears to be a serious security breach at Samsung-owned web TV service, Boxee.

The information, which also includes IP addresses, full message archives and simply salted passwords of Boxee TV forum users, appears to be related to Boxee's online forums, which became dormant shortly after the company was acquired by Samsung last year.

Boxee was perhaps most famous for its strangely lopsided set-top hardware, but now it may be remembered more for its mysterious silence regarding a database breach.

As Ars Technica reports, some customers were warned earlier this week of the security incident not by Samsung or Boxee, but by password management service LastPass.

LastPass warning

Of course, LastPass's warning will only have been seen by a small proportion of the affected Boxee customers.

There is a very real risk that people who signed up for the Boxee TV forums will have used the same password on other parts of the net. Far too many people re-use passwords, perhaps because they think they won't be able to remember their passwords if they don't.

(Hint: You don't have to remember all your passwords. Just use password management software like Bitwarden, 1Password, or KeePass to do the heavy lifting for you.)

Remember - if you are in the habit of using the same password for different sites, you are increasing the chances of becoming a victim. Hackers may not be interested in accessing your Boxee account, but if your password also unlocks, say, your email account then that's an entirely different matter.

If you're not sure if your details might have been included in the breach, you can check via the immensely cool "Have I Been Pwned?" website, created by Australian security researcher Troy Hunt.

"Have I Been Pwned?" simply asks you to enter your email address, and then sifts through the data it has scooped up from several major data leaks, including the 800MB Boxee database that has been shared online.

It's a great service offered by Troy, which you certainly can't say of Samsung/Boxee who appear to have let their customers down badly - firstly by allowing the information to be stolen initially, but also by their apparent lack of response since.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

One Response

  1. Natalie

    April 3, 2014 at 6:24 pm #

    RoboForm is another good, free password manager to use to protect your information!

Leave a Reply