Digital comic book junkies will need to reset their ComiXology passwords following a security breach.
In an e-mail to users, ComiXology says it discovered the breach during "a recent review and upgrade of our security infrastructure," but doesn't disclose exactly when the hack occurred. Although the attacker made off with usernames, e-mail addresses, and encrypted passwords, payment information is apparently safe because it is not stored on ComiXology servers.
As a precautionary measure, ComiXology is requiring all users to reset their passwords, and suggests changing passwords on any site where the same password is used. Encrypted passwords aren't immediately visible to a hacker, but they can be cracked with enough effort, and weaker passwords are particularly susceptible.
ComiXology has also warned against potential phishing attacks, reminding users that it will never ask for personal information or passwords via e-mail.
In other words, it's all standard operating procedure for a company that's been hacked, right down to the obligatory "We apologize for the inconvenience."
A recent New York Times story noted that security tends to be far down the list for tech startups compared to acquiring users, adding features and raising money. Companies instead tend to tackle security after the fact, as we've seen with beaches at SnapChat, Kickstarter and Tinder. While ComiXology says it was in the process of upgrading its security infrastructure when it discovered the breach, even that effort was apparently too late.