Got a Boxee TV account? You should change your password

BoxeeThe personal details of some 158,128 people – including their names, email addresses, birth dates, IP addresses – have been leaked following what appears to be a serious security breach at Samsung-owned web TV service, Boxee.

The information, which also includes IP addresses, full message archives and simply salted passwords of Boxee TV forum users, appears to be related to Boxee’s online forums, which became dormant shortly after the company was acquired by Samsung last year.

Boxee was perhaps most famous for its strangely lopsided set-top hardware, but now it may be remembered more for its mysterious silence regarding a database breach.

As Ars Technica reports, some customers were warned earlier this week of the security incident not by Samsung or Boxee, but by password management service LastPass.

Sign up to our free newsletter.
Security news, advice, and tips.

LastPass warning

Of course, LastPass’s warning will only have been seen by a small proportion of the affected Boxee customers.

There is a very real risk that people who signed up for the Boxee TV forums will have used the same password on other parts of the net. Far too many people re-use passwords, perhaps because they think they won’t be able to remember their passwords if they don’t.

(Hint: You don’t have to remember all your passwords. Just use password management software like Bitwarden, 1Password, or KeePass to do the heavy lifting for you.)

Remember – if you are in the habit of using the same password for different sites, you are increasing the chances of becoming a victim. Hackers may not be interested in accessing your Boxee account, but if your password also unlocks, say, your email account then that’s an entirely different matter.

If you’re not sure if your details might have been included in the breach, you can check via the immensely cool “Have I Been Pwned?” website, created by Australian security researcher Troy Hunt.

“Have I Been Pwned?” simply asks you to enter your email address, and then sifts through the data it has scooped up from several major data leaks, including the 800MB Boxee database that has been shared online.

It’s a great service offered by Troy, which you certainly can’t say of Samsung/Boxee who appear to have let their customers down badly – firstly by allowing the information to be stolen initially, but also by their apparent lack of response since.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Got a Boxee TV account? You should change your password”

  1. Natalie

    RoboForm is another good, free password manager to use to protect your information!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.