It’s time to play the Password Shuffle once again!
Online watchdog “Have I Been Pwned?” reports that 2.5 million Funimation accounts were exposed in July 2016. The breach exposed usernames, email addresses, dates of birth and salted SHA1 hashes of passwords.
— Have I Been Pwned (@haveibeenpwned) February 20, 2017
Users are urged to change their passwords as soon as possible.
As of press time, Funimation has yet to make a public comment on the news. We’ve reached out to Funimation for comment, and will update with their official word.
Update 2/24/2017, 1:35PM Eastern:
We just received an official comment from Funimation regarding the data breach:
“Safeguarding the privacy and security of our customers’ information is a top priority.
In August 2016 we learned that our web application forum software was the subject of a sophisticated intrusion. Upon learning of the issue, our incident response team promptly launched an investigation and has been working very closely with one of the nation’s leading cybersecurity firms that regularly investigates and analyzes these types of incidents. Following our complex forensic investigation, which was recently concluded, we devoted considerable time and effort to determine what information contained within the forums database may have been compromised.
Funimation has sent written notification to those customers whose names, e-mail addresses, and dates of birth may have been accessed, as required by state notice laws. Passwords were encrypted and not viewable as a result of this incident.
We are taking proactive steps to strengthen our IT systems moving forward to prevent similar issues in the future. We immediately turned off the forums web application and have since changed all administrator passwords, relaunched an updated version of the site with additional security, increased the complexity of the passwords required for user accounts and upgraded the Forums Platform.”