Trakt is a company whose app monitors TV program/movie viewing habits of its customers. The company had declared that it fell victim to a PHP exploit around four year ago. This exploitation has lead to the leakage of its crucial data.
The company has revealed that the breach involved some of its customer’s personal information like user name, email and its encrypted password. They have written and informed its customers regarding the same.
The email added that although this breach occurred four years ago in 2014, it was only recently discovered. Luckily the payment information of its paying customers was not included in the security wobble and is held by their payment processors. Thus payment information was not leaked as it was not within its own servers.
Critical information like email, usernames, encrypted passwords, names and also customer location was lost in the breach.
The company had shifted to version 2 from version 1 by January 2015 and thus it could remove any access outsiders had to their confidential data. Trakt has claimed that by implementing this upgrade it led to a more secure algorithm for storing passwords, it could remove the exploit and the new infrastructure had better and far tighter restrictions.
The company has reset the passwords for the ones that were stolen and have sent a reset link to its customers. It has also assured customers that they are monitoring their site more diligently.
The email had concluded that “We know you trust us with your data and we failed to protect it. We’re incredibly sorry that this happened and hope that you’ll let us earn your trust back”.