The Web-based television service Boxee.tv, which was acquired by the Samsung last year in July, has reportedly been hacked and its user data has been compromised.
According to a report by Ars Technica, hackers of the Boxee.tv service have posted names, e-mail addresses, message histories, and partially protected login credentials of 158,128 forum users.
The report quotes Scott A. McIntyre, a security researcher in Australia, as saying the Boxee breach occurred last week, when a full copy of the stolen forum data became widely available as an 800MB file
While the Boxee was unaware of the hack, officials from password management service LastPass began warning customers with affected e-mail addresses. It said the 800MB file doing the rounds of the Internet contains personal data associated with 158,128 user accounts, about 172,000 e-mail addresses, and cryptographically scrambled passwords. Not only this, the file containing stolen data also includes details like the user’s birthdate, IP address, site activity, full message histories, and password changes
“Please update the password for your boxee.tv account immediately,” stated an e-mail LastPass sent to customers. “The LastPass Security Challenge, located in the Tools menu of the LastPass addon, will help find any other accounts using the same password as the leaked account.”
The report notes that the security breach doesn’t directly affect all Boxee.tv users, only those that were using the same credentials for both the service and the community forum At the time of writing this report, there has been no statement issued on the breach by Boxee.tv yet.