The personal details of some 158,128 people – including their names, email addresses, birth dates, IP addresses – have been leaked following what appears to be a serious security breach at Samsung-owned web TV service, Boxee.
The information, which also includes IP addresses, full message archives and simply salted passwords of Boxee TV forum users, appears to be related to Boxee’s online forums, which became dormant shortly after the company was acquired by Samsung last year.
Boxee was perhaps most famous for its strangely lopsided set-top hardware, but now it may be remembered more for its mysterious silence regarding a database breach.
Of course, LastPass’s warning will only have been seen by a small proportion of the affected Boxee customers.
There is a very real risk that people who signed up for the Boxee TV forums will have used the same password on other parts of the net. Far too many people re-use passwords, perhaps because they think they won’t be able to remember their passwords if they don’t.
Remember – if you are in the habit of using the same password for different sites, you are increasing the chances of becoming a victim. Hackers may not be interested in accessing your Boxee account, but if your password also unlocks, say, your email account then that’s an entirely different matter.
If you’re not sure if your details might have been included in the breach, you can check via the immensely cool “Have I Been Pwned?” website, created by Australian security researcher Troy Hunt.
“Have I Been Pwned?” simply asks you to enter your email address, and then sifts through the data it has scooped up from several major data leaks, including the 800MB Boxee database that has been shared online.
It’s a great service offered by Troy, which you certainly can’t say of Samsung/Boxee who appear to have let their customers down badly – firstly by allowing the information to be stolen initially, but also by their apparent lack of response since.