Password Reset Time: ComiXology Loses User Data in Security Breach

Digital comic reseller ComiXology is warning all of its users to change their account passwords after discovering a security breach where someone made off with user names, email addresses, and encrypted passwords. Credit card information wasn't accessed during the security breach because that data is stored on different servers.

The company alerted users to the security breach in an email saying, "Even though we store our passwords in protected form, as a precautionary measure we are requiring all users to change their passwords on the ComiXology platform and recommend that you promptly change your password on any other website where you use the same or a similar password."

The problem was discovered during a review and upgrade of the company's security system, and improvements have already been put in place to help prevent similar data breaches in the future.

ComiXology users need to change their account passwords right away as a precautionary measure. Users should also change their passwords at any other sites where they use the same login information.

The digital comic book reseller isn't the only company dealing with data breaches. Kickstarter recently lost user account data to hackers, including encrypted passwords. No credit card numbers were taken in that attack, either.

Attacks like these underscore the need to use a different password for every account, so that a breach of a single company's databases doesn't give hackers access to the other services you use. It's also a good idea to use a password manager, like 1Password or LastPass, to keep track of your various website logins.

The Mac Observer Spin

Good on ComiXology for letting users know about the data leak. Go change your password now, and make sure it isn't one you use on any other sites.



I’ve never liked password managers. It always seemed like putting all your eggs in one basket. But anymore I think I might have to start using one. Too many passwords to keep straight. Plus for them to be at all secure, passwords have to be too complex to make them memorable and regularly changed. The human mind just can’t keep track of a 64-digit upper and lower case alphanumeric plus symbol truly random password. Sorry but zSe$rFvGy&8(02G%^nQ177)2"bbesWDG23)cc}[|1Cv^09@# is just not something I can keep track of, especially when I have two or three dozen of them to remember and they change once a week.

The root problem though is that ID/PW is an obsolete model. It’s time for a paradigm shift to something else. Of course I’ve been saying this for a decade but it’s especially true now. We need something better. Biometrics isn’t it. All your fingerprint does is to release an internal password so the bad guys just attack that. I like the two-step authentication idea that some services use. You enter an ID/PW and it texts you with a one-use stage two PW to let you in. But that’s a bit of a pain, doesn’t work if you aren’t in cell coverage, and assumes you have a smartphone. I’m not sure what the answer is, but we need something because anymore ID/PW is about as secure as the lock on your screen door.

And don’t get me started on my bank using a 4 digit number to authenticate my debit card.

