'PHP Exploit'?
Or 'Well-known crap design exploit'?
Trakt, the makers of an app that monitors users' TV programme and movie viewing habits, has 'fessed up to falling victim to a PHP exploit more than four years ago that resulted in data leakage. The company has written to customers revealing it "learned of a data breach that occurred back in December 2014. The breach involved …
The next time they tried to login it would fail, so there is a fallback process there I suppose.
Aside from that, I like Trakt, it works well at reminding me what's coming up, especially when a new season starts for previously watched shows, for instance. And also tells me I'm 73% through my current binge of classic Doctor Who...
and the data breach would have occurred just one month before the change? Sounds more likely to me that it could have happened anytime up to December 2014.
Also, moving to a "more secure algorithm for storing passwords", probably means the previous algorithm was MD5 hash, so all leaked passwords have been pwned for 4 years.