Over the weekend, podcast-services provider Blubrry sent an e-mail to all users requesting that they change their passwords. From the Blubrry blog:
To ensure customers’ trust and security on Blubrry.com, we are requiring all Blubrry.com users to change their passwords.
We learned earlier this week that the Blubrry Podcasting Community was the victim of a hacking intrusion. Please be assured that we make every effort to keep our sites secure, but, like everyone who has a presence on the Internet, we are not immune from such attacks. Your security and your confidence in Blubrry is important to us. This is why we wanted to be upfront and let you know that was an anomaly and we’re taking necessary measures to ensure it is unlikely to happen again.
At this time we have no evidence that anyone’s password has been compromised.
However we are aware that this is a possibility so we are reaching out to you to change your passwords. This is especially important if you use the same password for multiple sites on the Internet.
Blubrry also posted some details about the nature of the intrusion and how they’ve responded:
All accounts will notice that their Blubrry.com account password is no longer valid. Members will receive an email from Blubrry.com in the coming days with instructions on how to reset the passwords.
Only basic account sign-in information was stolen. Specific applications, functions and user generated data were NOT accessed during the intrusion, nor was our secure commerce system, which by design is isolated from all other application servers.
Between the time we learned of the intrusion and today, we have made dramatic changes to our systems, first to prevent such intrusions in the future, followed by changes in how we manage account credentials. We took these steps to ensure your confidence in our handling of your account login data, including the use of stronger hashing and encryption of passwords.
Unfortunately, hackers are always finding ways around security, but we’ll continue to find better and more efficient ways of blocking them. We sincerely apologize for any inconvenience this has caused you, our members. We take the confidence and security of our Blubrry family very seriously.
I use Blubrry’s free statistics service and when I went to check my stats yesterday, I was automatically prompted to reset my password. While it’s an inconvenience, it’s also a pretty simple process.
Disclaimer: Our Executive Editor, Todd Cochrane, is CEO of RawVoice, the company that owns and operates Blubrry.