Cloud-based digital comics platform ComiXology has been hacked. Users and comic book retailers that host ComiXology’s portals on their sites are being advised to take measures.
Bleeding Cool has obtained copies of the email notifications sent out to both users and retailers. It turns out that hackers have accessed a database containing customer information, including password hashes.
“In the course of a recent review and upgrade of our security infrastructure, we determined that an unauthorized individual accessed a database of ours that contained usernames, email addresses, and cryptographically protected passwords,” the emails read.
Fortunately, payment information is not stored on the company’s servers so it couldn’t have been compromised.
It’s uncertain how well the passwords are encrypted, but users and retailers are asked to change them as a precaution. ComiXology says it has strengthened its security procedures and systems to avoid future incidents.
We’ve updated our security and all passwords must be changed. Click here to change your password.http://t.co/7o1QUAzjpt
— comiXology (@comiXology) March 6, 2014
As far as retailers are concerned, they’re also encouraged to change their SMTP passwords and send their SMTP credentials to ComiXology if they want to email their users through the company’s service.
Some users have complained that the email notifications sent out by ComiXology look like phishing scams. They address recipients with a generic “Dear Comics Reader” and they come from firstname.lastname@example.org, which some see as suspicious.
At the time of writing, the company’s website appears to be inaccessible. ComiXology says it’s looking into the downtime.