Sign in / up

back to article Trakt app users' personal data exposed: We were hit by a 'PHP exploit'... back in 2014

Trakt, the makers of an app that monitors users' TV programme and movie viewing habits, has 'fessed up to falling victim to a PHP exploit more than four years ago that resulted in data leakage. The company has written to customers revealing it "learned of a data breach that occurred back in December 2014. The breach involved …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Holmes

    'PHP Exploit'?

    Or 'Well-known crap design exploit'?

    6 1 Reply
  2. Hans Neeson-Bumpsadese Silver badge

    It has reset passwords for affected users, sending an email with a reset link

    Good practice, but how many people will see that email and dismiss it as a phishing scam?

    3 0 Reply
    1. Ol'Peculier
      Reply Icon

      The next time they tried to login it would fail, so there is a fallback process there I suppose.

      Aside from that, I like Trakt, it works well at reminding me what's coming up, especially when a new season starts for previously watched shows, for instance. And also tells me I'm 73% through my current binge of classic Doctor Who...

      1 0 Reply
    2. TheCynic
      Reply Icon

      Being as it came without notice of a breach - that is what I personally assumed

      1 0 Reply
  3. Pascal Monett Silver badge

    It only took them 4 years

    Brilliant demonstration of being on the ball, there.

    Regain my trust ? Why would I give you another half decade before you notice that you've been hacked again ?

    4 0 Reply
    1. Halfmad
      Reply Icon

      Re: It only took them 4 years

      But... but... yeah I've got nothing.

      1 0 Reply
  4. FrogsAndChips Silver badge

    Platform change in Jan 2015

    and the data breach would have occurred just one month before the change? Sounds more likely to me that it could have happened anytime up to December 2014.

    Also, moving to a "more secure algorithm for storing passwords", probably means the previous algorithm was MD5 hash, so all leaked passwords have been pwned for 4 years.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like