158,128 e-mail addresses and encrypted passwords were leaked online.

Risk Based Security researchers recently found that an unidentified hacker or hackers had leaked information on 158,128 users of the Web TV service Boxee.tv, including e-mail addresses, encrypted passwords, password change dates, group IDs, birthdates, IP addresses, Boxee site activity, and full message history (h/t Ars Technica).

“Any [messages] sent through their service, including ones with sensitive content, are now public,” the researchers note. “Further, the passwords were apparently salted hashes and easily cracked according to sources.”

According to the researchers, the data dump, which took place around March 10, 2014, includes 172,234 e-mail addresses from 17,653 different e-mail providers or ISPs.

Ars Technica reports that password management service LastPass has already begun alerting customers whose e-mail addresses were exposed. “Please update the password for your boxee.tv account immediately,” the LastPass e-mail states. “The LastPass Security Challenge, located in the Tools menu of the LastPass addon, will help find any other accounts using the same password as the leaked account.”

Security researcher Scott A. McIntyre told Ars Technica that the data appears to have come from users of the Boxee.tv forums, not from Boxee.tv service accounts.

Via: esecurityplanet