UserVoice hacked, managers accept the weakness of the security system

UserVoice confirmed that he had suffered a hacker attack last month and that the information related to user name and password of a small number of users were compromised. The UserVoice platform is used by prominent leaders of the hi-tech market to gain feedback on their products; the name of UserVoice, for example, will probably be familiar to Microsoft users and Twitch, sweatshops UserVoice to collect recommendations, suggestions and advice on the service provided.

According to an announcement by the providers, the attack was pulled off due to the weakness of the cryptographic systems used to protect personal data of users: Unfortunately, hashing passwords was carried out with the SHA1 algorithm, which is considered weak in relation to current standards - clarifies UserVoice. In substantive terms, the attack has compromised a lot of personal information related to a small proportion of registered users: less than 0.001% of users, specifically. No data finance (eg. Those related to credit cards) has been compromised and were not on the system users accessing the platform by logging in with Gmail, Yahoo and Facebook.

UserVoice confirmed that he had informed the affected users from attack, suggesting to change the username and password. As an additional precautionary measure, UserVoice is requiring all users (affected or not by the attack) to change the password for UserVoice and that of other sites that share the old password Uservoice. The measures taken to correct immediately the potential damage caused by the recent cyber attack, add up additional measures which should prevent the recurrence of new security threats, as well summarized by UserVoice:

infrastructure changes to prevent further attacks were identified attack mode which allowed access to the system and made
They are being implemented new security layer in the backend
They were raised password requirements for all users
A bad 'slip' to UserVoice that can count about 10,000 companies among its clients and has failed to prevent the attack because of the aforementioned lack of effectiveness of cryptographic algorithms. The case will undoubtedly help to determine the desirable raising of the safety standards used by the company, which, as said, has already moved in this direction. Appreciable, beyond all, the intellectual honesty with which the UserVoice managers have clarified the causes of cyber attack in a detailed page of the official site.