by kpumuk 4823 days ago
Compromised != Hacked. To clarify: no accounts were accessed by the hackers, but a small number of account records have had passwords encrypted with an outdated algorithm (basically SHA1 + salt), so we preemptively reset their passwords and sent out emails to all affected users.

This is how we define "compromised" - people who had their password hashed with the old algorithm, which is relatively easy to crack.

3 comments

This seems to imply that many of (all?) the emails/encrypted passwords were leaked, but you don't consider most of them "compromised"...
I'd like to echo this concern -- were all emails/encrypted passwords leaked, but you only consider those protected by outdated hashing schemes to be compromised?

If so, I feel you have an obligation to alert ALL of your users.

Additional question: when did users first alert you to the hack?
For the future, I wonder how useful it would be to run old hashed passwords through a newer system such as scrypt. This way those users who haven't logged in in a while could also benefit from the safer hashed passwords.

    scrypt(hmac_sha1(password, salt), salt, cpumemargs)
In the future, you could even do it again with more cpu and memory requirements for scrypt, upgrading older users' hashes again with another run of scrypt.
That is a weird definition of compromised.

Is it true that all, or greater than 1% of, emails and hashes were dumped?

I find it hard to believe you migrated 99% of passwords to a new scheme. I've never seen over 60%, and that is with a lot of prompting to users (and as a Scribd user I've never been prompted).

The migration can be transparent, since the app has your plaintext password when you log in.

Alternatively, stored passwords can be upgraded by using the new scheme on the old hashed password, and storing that that's how the password should be checked in the future.

Since not everyone was migrated, I'm assuming they went the first way.
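Both migration paths discussed in this thread (wrapping the old digest in scrypt without the plaintext, and upgrading transparently at login when the plaintext is available) in one added example; this is illustrative code written for this page, not Scribd's. It assumes the legacy scheme is sha1(salt || password) as a stand-in for the "SHA1 + salt" mentioned above, and uses `hashlib.scrypt` from the Python standard library.

```python
import hashlib
import hmac
import os

# Assumed legacy scheme (stand-in for "SHA1 + salt"): sha1(salt || password).
LEGACY = "sha1"
# Wrapped scheme: scrypt run over the legacy digest, as the comment proposes.
WRAPPED = "scrypt-sha1"
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}  # the "cpumemargs"; raise over time


def legacy_hash(password: str, salt: bytes) -> bytes:
    return hashlib.sha1(salt + password.encode()).digest()


def wrap(legacy_digest: bytes, salt: bytes, params: dict) -> bytes:
    # Key-stretch the old digest. No plaintext is needed for this step,
    # so it can run as a batch job over users who never log in.
    return hashlib.scrypt(legacy_digest, salt=salt, n=params["n"],
                          r=params["r"], p=params["p"], dklen=32)


def make_legacy_record(password: str, salt: bytes = b"") -> dict:
    salt = salt or os.urandom(16)
    return {"scheme": LEGACY, "salt": salt, "hash": legacy_hash(password, salt)}


def upgrade_offline(record: dict, params: dict = SCRYPT_PARAMS) -> dict:
    # Wrap a stored legacy digest in place and record how to check it later.
    if record["scheme"] != LEGACY:
        return record
    return {"scheme": WRAPPED, "salt": record["salt"], "params": params,
            "hash": wrap(record["hash"], record["salt"], params)}


def verify(record: dict, password: str) -> bool:
    # Recompute the stored form from the candidate password, then compare
    # in constant time. Wrapped records need the legacy digest first.
    candidate = legacy_hash(password, record["salt"])
    if record["scheme"] == WRAPPED:
        candidate = wrap(candidate, record["salt"], record["params"])
    return hmac.compare_digest(candidate, record["hash"])


def login(record: dict, password: str) -> tuple:
    # Transparent migration: on a successful login the plaintext is in hand,
    # so a legacy record is upgraded before being written back to storage.
    if not verify(record, password):
        return False, record
    return True, upgrade_offline(record)
```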