1%
They use more than 100 servers for authentication and only one was hacked?
I am greatly relieved. </sarcasm>
Scribd, which claims to be the world's largest online library, has been hacked - exposing the email addresses, usernames and password hashes of 500,000 users. The document-sharing website admitted the database raid may have leaked the details of one per cent of its 50-million-plus users. Potentially affected users have been …
"Scribd, which claims to be the world's largest online library....." Also accused of being one of the World's biggest open copyright infringers (http://en.wikipedia.org/wiki/Scribd#Criticism), so I don't think it was the usual freetards skiddies, more likely pro crooks looking for subscription details. Anyone with an account would be wise to change their password regardless, and probably keep an eye on purchases on the card they used to subscribe.
A friend of mine is a senior lecturer in archeology; he has published a small number of books, three or four, I can't remember. These books form part of his income; he relies on the royalties, and so do many academics. He found all of them on Scribd, accompanied by a comment along the lines of "get them before the bastards take them down."
I always love the uncertainty of these articles about security - words like probably, and should be ok we hope.
Even the security guy at the bottom of the article says at this point it probably doesn't matter, and as true as this is, it's still such a weird choice of words.
If you're upgrading your password encryption (for instance from unsalted to salted) you can only realistically do it when the user logs in, since this is the only time your system has the unencrypted password to work with. It may well be that the 1% haven't logged in recently enough to be upgraded, and hackers have potentially got some nice and easy unsalted md5 hashes to work with.
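The upgrade-on-login migration described in the comment above, as an added example that is not part of the original thread or Scribd's code. The record layout, the function names, the PBKDF2 work factor and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this sketch


def legacy_md5(password: str) -> str:
    """Legacy scheme: unsalted MD5, hex digest."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """New scheme: PBKDF2-HMAC-SHA256 with a per-user random salt."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return raw.hex()


def login(users: dict, name: str, password: str) -> bool:
    """Verify a login; upgrade a legacy record while the plaintext is in hand."""
    rec = users.get(name)
    if rec is None:
        return False
    if rec["scheme"] == "md5":
        if not hmac.compare_digest(rec["hash"], legacy_md5(password)):
            return False
        # Only now does the server hold the plaintext, so re-hash and
        # overwrite the weak record in the same request.
        salt = os.urandom(16)
        users[name] = {"scheme": "pbkdf2", "salt": salt.hex(),
                       "hash": salted_hash(password, salt)}
        return True
    salt = bytes.fromhex(rec["salt"])
    return hmac.compare_digest(rec["hash"], salted_hash(password, salt))


def still_legacy(users: dict) -> list:
    """Accounts that have not logged in since the migration began."""
    return sorted(n for n, r in users.items() if r["scheme"] == "md5")


# Constructed sample data: two accounts still stored as unsalted MD5.
USERS = {
    "alice": {"scheme": "md5", "hash": legacy_md5("correct horse")},
    "bob": {"scheme": "md5", "hash": legacy_md5("hunter2")},
}

if __name__ == "__main__":
    print(login(USERS, "alice", "correct horse"))  # alice is upgraded
    print(still_legacy(USERS))                     # bob remains on MD5
```

Accounts returned by `still_legacy` are the dormant ones the comment refers to: they keep their weak hashes until the owner next logs in.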