Hashed passwords exposed, too
Custom 3D model printing biz Shapeways has been hacked, who gained access to customers’ shipping and email addresses, usernames and hashed passwords.
New York-based Shapeways takes 3D designs and prints them for those unwilling or unable to invest in a 3D printer of their own.
Its customers received an email today from CEO Peter Weijmarshausen warning them of the network intrusion and advising them to change their passwords as a precaution – weak passwords can be cracked from the hashes, it seems.
Reg reader Vince alerted us to the cyber-break-in and we got in contact with Shapeways.
In a statement, it said that some email addresses, usernames, and shipping addresses were exposed, but that the hackers didn’t get a full run of their servers and no 3D printing plans were stolen.
“The intruders did not access credit card information because Shapeways does not store such information on their systems,” said a spokeswoman.
“Although Shapeways protects users’ passwords with a hash in an effort to prevent malicious attackers from misusing it, to err on the side of caution, Shapeways is suggesting that users reset their passwords.
If users use their Shapeways password on other sites, Shapeways is also recommending resetting the password for those sites as well, and not to reuse their Shapeways password on other sites.”
It’s nice to know there are still firms that take their users’ security seriously enough to protect it using hashes (yes, we’re looking at you Comcast) and store financial information properly.
In the meantime, get changing those passwords – and Shapeways, get patching whatever hole allowed those miscreants in. ®
Sponsored: Global DDoS threat landscape report