Tom Spurgeon's Web site of comics news, reviews, interviews and commentary

March 6, 2014

Comixology Sends Out Letter About Unauthorized Database Access; Asking Folks To Change Passwords

The very successful digital comics company Comixology apparently sent out a letter this morning that reads as follows:
Dear Comics Reader,

In the course of a recent review and upgrade of our security infrastructure, we determined that an unauthorized individual accessed a database of ours that contained usernames, email addresses, and cryptographically protected passwords.

Payment account information is not stored on our servers.

Even though we store our passwords in protected form, as a precautionary measure we are requiring all users to change their passwords on the comiXology platform and recommend that you promptly change your password on any other website where you use the same or a similar password. You can reset your password here.

We have taken additional steps to strengthen our security procedures and systems, and we will continue to implement improvements on an ongoing basis.

Please note that we will never ask you for personal or account information in an e-mail, so exercise caution if you receive emails that ask for personal information or direct you to a site where you are asked to provide personal information.

We apologize for the inconvenience. If you have any questions, please contact us by sending an email to


I haven't confirmed this directly -- hey, a hoax would be a story in and of itself -- but I wanted to put it out there to give a heads up to people that have e-mail from companies like this automatically sent to spam folders so they can go looking for it. I'm not saying I'm one of those people, but I'm sure there are a ton of people like that.

Seems real, though.

The good news here would be a) that no financial information was touched, b) they discovered this themselves rather than having a bunch of people finding out that their accounts there and elsewhere have been used. The bad news would be a) the rest of it, although maybe particularly if you used a similar password or the same one with other digital accounts you have out there. Changing all of them could be a pain.

As is always the case with any password I recommend going full Your Parents On The Computer: clearing out everything, turning your computer off, turning it back on, going directly to the site by means other than the informing e-mail, then changing it. There is probably a way to do this that is less ridiculous, but this is my way.

I know that mostly because of automatic re-sets, a lot of my friends -- even the old, forgetful ones -- are moving towards multiple passwords just generally, in some cases keying them into the purpose of the site (a comics password for a comics site, say). This is probably a terrible way to do it, too. Also, probably don't use "yellowking."
posted 2:15 am PST | Permalink

Daily Blog Archives
April 2018
March 2018
February 2018
January 2018
December 2017
Full Archives