- The breach that occurred in 2014 included loss of personal information such as usernames, emails, and passwords.
- Trakt also mentioned that it has now changed to a secure, improved platform post the incident.
A PHP exploit which targeted Trakt in 2014, has now come to light. After four years, the media discovery platform-company has now disclosed details surrounding the data breach that occurred due to the attack. Trakt has also notified customers that the breach involved loss of personal information to a significant extent.
“We are contacting you today because we have learned of a data breach that occurred back in December 2014. The breach involved some of your personal information such as username, email and encrypted password. Although this happened in 2014, we only recently discovered this, and wanted to promptly provide notice as part of our commitment to your privacy”, stated an email sent by the company. However, it has not revealed details regarding the PHP exploit.
Trakt has reset passwords for those affected and has sent a password-reset link to these users.
Payment information remains safe
On the other hand, the breach did not compromise payment information. Trakt stated that all payment data was present on their payment processors’ end rather than their own servers.
In addition, the mail also mentioned that Trakt took three key measures to boost security since the incident.
“We moved from version 1 of our site to version 2. In doing so, we removed any access outsiders had to your information and accomplished three key things to strengthen our security", the company said.
The three measures taken by the company include,
- Moving to a more secure algorithm for storing passwords.
- A platform change which removed the exploit.
- A new infrastructure with far tighter restrictions.
Trakt is expected to announce further developments on the incident in the coming days.