Schnee (schnee) wrote,


Quick heads-up: LibraryThing, a social book cataloging site, apparently suffered a breach a few years ago that they only discovered now.

Dear ${USER},

During a security review, we found that LibraryThing suffered a data breach in November 2011. While no book data or financial information was taken, lost or changed, the hackers did take email addresses and encrypted password hashes for some accounts created prior to that date.

As a security precaution, we are requiring all members to change their passwords, here:

Please read our longer description of the breach here:

The entire LibraryThing team and I deeply regret and apologize that this happened on our watch. Since 2011, we have significantly improved our security measures, which have been further tightened across the board since we discovered this breach. As a further apology, we are upgrading you and all LibraryThing members who joined prior to November 20th, 2011 to full lifetime accounts.

So if you're on that site (I know a few folks who might be reading this are), go ahead and change your password now, even if you've not received the email yet. You do have to wonder just how a breach like that can go undetected for over two years, too, but at least they found out about it now.

Tags: breaches, websites