NewsNow, the popular news aggregation site just suffered a huge data breach that may have resulted in exposing their users’ encrypted passwords.
The news aggregator failed to mention anything about the breach on its site or on any of its social media accounts. It is reportedly notifying affected customers via email:
“We are writing to inform you of a security breach affecting the NewsNow website. The breach has now been resolved, and security has been tightened to prevent a recurrence.
However, we believe it is possible that an encrypted version of your password may have been accessed. While we do not have any concrete evidence that this has happened, the possibility cannot be completely ruled out.
Since it would not be straightforward for anyone to decipher your actual password, and since NewsNow does not store any sensitive personal data of yours (such as payment data), we think the likelihood of anyone taking the trouble to decipher your password is minimal.
Nevertheless, as part of our tightened security measures we have signed-out currently signed-in users, and eliminated the need for passwords from our sign-in system. In future when you sign in you will simply need to click a link in the email we send you to complete the sign-in process.
Additionally, we would strongly recommend that, if you have used your existing NewsNow password on any other websites or online services, you change those now.
We would also encourage you to continue to take all usual precautions such as ignoring and deleting spam and unsolicited emails, and in particular avoiding opening unsolicited email attachments; use strong passwords, avoid using the same passwords for multiple websites or online services.
We are very sorry for any inconvenience this may cause. If youd like more information, please contact our Data Protection Officer at dataprotection@NewsNow.co.uk or via our online form.
The incident was reported right after security consultant Troy Hunt, who runs the Have I Been Pwned service, posted a Tweet that shared the news about the breach. NewsNow has yet to determine the number of user account passwords compromised by the breach. However, the news aggregator claimed that no financial data was impacted by the breach.
Meanwhile, NewsNow claimed that it is working to strengthen the security of its infrastructure and systems. Users have been advised to click on a link in NewsNow breach notification email to complete the sign-in process and immediately reset their passwords.