Hackers nab 158,000 Boxee customer passwords in massive data breach

Names, passwords, dates of birth and IP addresses all stolen by hackers

2 Apr 2014
Boxee Box

Anyone with an account on Boxee's customer forums should immediately change their password after hackers made away with details of 158,000 people.

Analysis of data leaked from the attack shows that is only affects Boxee's forums and not accounts from its Boxee Box TV streaming service.

According to Risk Based Security over 158,000 customer accounts were leaked to the public as a result of an attack on the Boxee.tv forum.

Data leaked includes email addresses, encrypted passwords with the date the password was last changed, dates of birth, IP address details, and complete message history for all users - including private messages sent between accounts.

Neither Boxee nor parent company Samsung have commented on the attack, with no reports of any users being contacted to alert them that their details had been stolen by criminals.

It's a serious breach, but one that appears to be limited to Boxee's optional web forum; users who had a Boxee account as a result of using the web-based streaming service or Boxee Box products are not thought to be affected, although the hackers claim to have attained root access to the server, meaning other data could have been obtained but not publicly released.

Anyone concerned that their details may have been stolen should enter their email address into the Have I Been Pwned website , which has a database of all the affected accounts. The service checks email addresses against a huge list of known data breaches, including Adobe, Snapchat, Yahoo, Sony and Tesco.

Read more