Video live streaming platform LiveStream is warning customers that account information, including names, dates of birth, phone numbers, email addresses and encrypted passwords may have been accessed by unauthorised party.
In an email sent out to customers, the company explained that it is requiring all users to reset their passwords:
We recently discovered that an unauthorized person may have accessed our customer accounts database. While we are still investigating the full scope of the incident, it is possible that some of your account information may have been accessed. This may include name, email address, an encrypted version of your password, and if you provided it to us, date of birth and/or phone number. We do not store credit card or other payment information. We have no indication that the encrypted passwords have been decoded, but in an abundance of caution, we are requiring all users to reset their passwords.
No details have been shared at this point regarding how LiveStream was encrypting the passwords, and whether they are actually talking about password hashes and if any salting was in play. (Don’t understand all this salting and hashing stuff when it comes to password encryption? Watch this video).
Obviously it would be wise to ensure that you are not reusing your LiveStream password anywhere else on the net. Password reuse is perhaps the biggest problem with passwords – worse than choosing easy-to-guess passwords.
If you do make the mistake of reusing passwords, you are running the risk of having your password compromised in one place (perhaps via a phishing attack or key logger) and then hackers using it to unlock your other online accounts.
Even if passwords have not been cracked, there remains the potential for anyone who has accessed LiveStream’s customer database to use it to send spam emails and phishing campaigns – so please be on your guard.
When I logged into my LiveStream account I was disappointed to find no warning of a potential security breach and that I wasn’t being forced to reset my password. Instead, I had to go into my account settings to reset it.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.