Digital comics storefront ComiXology has discovered a wide-reaching security breach during a security review and upgrade, and is requiring that all account holders reset their passwords, according to an email send out by the company today. The email says that payment information is safe, since it isn’t stored on ComiXology servers, and notes that passwords are stored in an encrypted form, so those should be safe, too.
The blanket password reset is being called a “precautionary measure” by the ComiXology team, which does still acknowledge that an “unauthorized individual” accessed a database containing ComiXology account holder usernames and emails, in addition the encrypted passwords associated with those accounts. The digital comics seller is also recommending that users modify their passwords on other services, too, if they were using the same or similar ones around the web.
ComiXology says that it has already improved its security following the attack, and intends to continue to do so “on an ongoing basis.” It also includes a warning against the kind of phishing attacks that profess to be emails from ComiXology asking for sensitive account information. ComiXology saw the sale of over 4 billion digital comics pages in 2013, and though it doesn’t share user numbers, there are likely a lot of people affected by the breach.
If you’re a current ComiXology user, go here to reset your password ASAP. When contacted, ComiXology said that it has no further comment beyond what’s contained in the email sent to users regarding the breach, which is included in full below:
Dear Comics Reader,
In the course of a recent review and upgrade of our security infrastructure, we determined that an unauthorized individual accessed a database of ours that contained usernames, email addresses, and cryptographically protected passwords.
Payment account information is not stored on our servers.
Even though we store our passwords in protected form, as a precautionary measure we are requiring all users to change their passwords on the comiXology platform and recommend that you promptly change your password on any other website where you use the same or a similar password. You can reset your comiXology.com password here.
We have taken additional steps to strengthen our security procedures and systems, and we will continue to implement improvements on an ongoing basis.
Please note that we will never ask you for personal or account information in an e-mail, so exercise caution if you receive emails that ask for personal information or direct you to a site where you are asked to provide personal information.
We apologize for the inconvenience. If you have any questions, please contact us by sending an email to firstname.lastname@example.org