Unknown attackers gained an unauthorized access to the personal data of the users of the document-sharing website Scribd. In particular, the fraudsters managed to get the email addresses and hashed and salted passwords.
“Our investigation indicates that no content, payment and sales-related data, or other information were accessed or compromised. We believe the information accessed was limited to general user information, which includes usernames, emails, and encrypted passwords,” Scribd said in the official statement.
It is known that a security breach was detected after Scribd's Operations team discovered and blocked suspicious activity on its network. According to official data, the attackers compromised only 1% of users’ accounts. Scribd’s administration noted that there could be more victims unless the service didn’t use a reliable system to protect users’ accounts.
All the affected users received a notification from Scribd containing information about the security incident and the necessary instructions to reset passwords. Check if your account has been compromised here.