Newsnow data breach may have compromised users’ encrypted passwords

• NewsNow claimed that payment card details were not impacted by the breach.
• NewsNow urged users that used reused passwords to immediately reset their account passwords.

The popular news aggregation site NewsNow suffered a data breach that may have resulted in exposing users’ encrypted passwords. Although the news aggregator failed to mention anything about the breach on its site or on any of its social media accounts, it is reportedly notifying affected customers via email.

The incident was brought to light after security consultant Troy Hunt, who runs the Have I Been Pwned service, posted a Tweet that shared NewsNow’s alert about the breach. NewsNow has yet to determine the number of user account passwords compromised by the breach. However, the news aggregator claimed that no financial data was impacted by the breach

“We think the likelihood of anyone taking the trouble to decipher your password is minimal,” NewsNow said in an email notification, Graham Cluley reported.

The company also clarified that it does not store any other sensitive data such as payment card information. Currently, there is no information about how the breach occurred or whether it was caused due to an unsecured database.

Meanwhile, NewsNow claimed that it is working to strengthen the security of its infrastructure and systems. It has signed-out currently signed-in users and removed the compromised passwords from the signed-in systems as well.

Users have been advised to click on a link in NewsNow breach notification email to complete the sign-in process. Additionally, NewsNow also urged those who used reused passwords to immediately reset their passwords.

“We would also encourage you to continue to take all usual precautions such as ignoring and deleting spam and unsolicited emails, and in particular avoiding opening unsolicited email attachments; use strong passwords, avoid using the same passwords for multiple websites or online services,” NewsNow said.