SEO optimisation website Moz.com (previously known as SEOmoz) have revealed that some of its member’s passwords were made public for a short while on Friday.
Quite why they sent such an email to me is baffling as I don’t recall ever registering but here is what they have to say –
On Friday, May 31st, we discovered that an encrypted portion of some of our member passwords may have been made public for a brief period of time. Within minutes we were able to remove the potential vulnerability. Fortunately, Moz uses a two-part hashing scheme for our passwords, so there is little risk of an account being compromised.
As a precautionary measure, we are implementing a password reset. Please log in to your account at https://moz.com/login where you will be prompted to start the password reset process.
No plain text passwords were exposed or stored in our system, and in our investigation we have found no evidence of any unauthorized access to user accounts or credit card information (we never display credit card numbers).
We were not hacked and our systems were not compromised. This is a precautionary measure to ensure your account integrity.
Like many companies, we use a two-part process for password encryption. This makes it significantly harder for security breaches to occur when this type of vulnerability is exposed.
At Moz, the security of your data and account information is a mission critical priority for us. We apologize for the inconvenience of changing your password, but we want to take every precaution to ensure your data is safe!
Accessing your account at https://moz.com/login will prompt you to change your password. If you have difficulty changing your password, or any questions or concerns, please be sure to contact us right away.
Thank you for your patience!
The Moz Team
From the sounds of the email there has been no breach or attack and so there is little risk to members’ passwords. It is, however, highly advisable to change your password as soon as possible just in case.