Just received this email from Comixology: their security was breached. This applies to all accounts, consumer and retail!
|Dear Comics Reader, In the course of a recent review and upgrade of our security infrastructure, we determined that an unauthorized individual accessed a database of ours that contained usernames, email addresses, and cryptographically protected passwords. Payment account information is not stored on our servers.
Even though we store our passwords in protected form, as a precautionary measure we are requiring all users to change their passwords on the comiXology platform and recommend that you promptly change your password on any other website where you use the same or a similar password. You can reset your comiXology.com password here.
We have taken additional steps to strengthen our security procedures and systems, and we will continue to implement improvements on an ongoing basis.
Please note that we will never ask you for personal or account information in an e-mail, so exercise caution if you receive emails that ask for personal information or direct you to a site where you are asked to provide personal information.
We apologize for the inconvenience. If you have any questions, please contact us by sending an email to firstname.lastname@example.org
Please run, don’t walk, to the nearest computer and change your password. Now!
Kudos to Comixology for disclosing the breach: unfortunately there’s no mention of when it took place. I went to the normal site and was greeted with this banner:
You can’t log in, only change your password. Nice touch Comixology; a solid approach to security and one that guarantees all passwords are changed.