UserVoice learned in late April that an unauthorized party illegally accessed one of UserVoice’s backend reporting systems and was able to view user data on a small subset of users.
The user data included name, email, and a hashed password and salt.
Unfortunately, the passwords were hashed with the SHA1 hashing algorithm.
The company reset the passwords for the users whose information was accessed and contacted them directly.
Source: https://www.databreaches.net/uservoice-security-incident/
TPRM report: https://scoringcyber.rankiteo.com/company/uservoice
"id": "use1553291222",
"linkid": "uservoice",
"type": "Breach",
"date": "05/2016",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Small subset of users',
'industry': 'Technology',
'name': 'UserVoice',
'type': 'Company'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': ['Direct Contact with Affected Users'],
'data_breach': {'data_encryption': 'SHA1 hashing algorithm',
'personally_identifiable_information': ['Name', 'Email'],
'type_of_data_compromised': ['Name',
'Email',
'Hashed Password']},
'date_detected': 'late April',
'description': 'UserVoice discovered in late April that an unauthorized party '
'illegally accessed one of their backend reporting systems and '
'viewed user data on a small subset of users. The compromised '
'data included names, emails, and hashed passwords using the '
'SHA1 algorithm. The company reset the passwords for the '
'affected users and contacted them directly.',
'impact': {'data_compromised': ['Name', 'Email', 'Hashed Password'],
'systems_affected': ['Backend Reporting System']},
'response': {'communication_strategy': ['Direct Contact with Affected Users'],
'remediation_measures': ['Password Reset']},
'threat_actor': 'Unauthorized Party',
'title': 'UserVoice Data Breach',
'type': 'Data Breach'}