Another day, another breach. If you had Shapeways in this round of Hacker Bingo, you’re our lucky winner. The company has started notifying account holders of the breach with the following e-mail:
We are currently investigating an incident involving unauthorized access to our systems. The intruders may have accessed some user names, email addresses, and shipping addresses. They did not access any model files. Additionally, the intruders did not access full credit card information because we do not store such information on our systems. We have not observed any actual misuse of your user information.
Although we protect your password with a hash in an effort to prevent malicious attackers from misusing it, to err on the side of caution we suggest that you reset your password at your earliest convenience. You can reset your password by logging into your account, navigating to the account settings page, and following the directions there for changing your password. If you use your Shapeways password for any other site, we recommend resetting the password for those sites as well. We encourage you to use strong passwords and not to reuse your Shapeways password on other sites.
As part of our investigation we are actively coordinating with law enforcement and reviewing and reinforcing our security procedures. If you suspect that someone is attempting to gain access to your account or solicit your personal information, please contact us at firstname.lastname@example.org.
We apologize for the disruption and the extra work this requires from you. We take your security extremely seriously and will do our best to assist you through this process at email@example.com.
CEO & Founder
Needless to say, if you’ve ever done business with Shapeways, you should absolutely change your password immediately. As mentioned in the e-mail, there has been no suspicious activity on the accounts that were accessed, though if other personal information was taken it could be used for other purposes or on other websites.
When logging into the site, users are once again prompted to change their password, though if you’ve logged into the site with your Google or Facebook account, no action should be necessary at this time.
Have you used Shapeways in the past? Did you receive the e-mail above? Tell us what you think of today’s hack-o-the-day in the comment section below, or on Google+, Facebook, or Twitter.H/T Derek Thorson