

Moz.com requires users to change passwords after hashes were leaked - hiddenfeatures

Full text of the email, because there is no announcement on the blog so far<p>------------------------------------------------<p>On Friday, May 31st, we discovered that an encrypted portion of some of our member passwords may have been made public for a brief period of time. Within minutes we were able to remove the potential vulnerability. Fortunately, Moz uses a two-part hashing scheme for our passwords, so there is little risk of an account being compromised.<p>As a precautionary measure, we are implementing a password reset. Please log in to your account at https://moz.com/login where you will be prompted to start the password reset process.<p>Further details:<p>No plain text passwords were exposed or stored in our system, and in our investigation we have found no evidence of any unauthorized access to user accounts or credit card information (we never display credit card numbers).<p>We were not hacked and our systems were not compromised. This is a precautionary measure to ensure your account integrity.<p>Like many companies, we use a two-part process for password encryption. This makes it significantly harder for security breaches to occur when this type of vulnerability is exposed.<p>At Moz, the security of your data and account information is a mission critical priority for us. We apologize for the inconvenience of changing your password, but we want to take every precaution to ensure your data is safe!<p>Accessing your account at https://moz.com/login will prompt you to change your password. If you have difficulty changing your password, or any questions or concerns, please be sure to contact us right away.<p>Thank you for your patience!<p>The Moz Team
======
a3n
It's a phishing attack. Hover over the link, it goes to bronto.com, not moz.

~~~
jennita
Hi, I work for Moz. It's not a phishing attack, in fact we sent the email. You
just need to go to moz.com/login to start the password change process.

There's more info in the post here: [http://devblog.moz.com/2013/06/how-we-
fixed-a-password-expos...](http://devblog.moz.com/2013/06/how-we-fixed-a-
password-exposure/)

