UserVoice hacked; user accounts compromised with weak encryption at play

UserVoice has suffered a data breach leading to the theft of user data including names and passwords secured with weak algorithms.
Written by Charlie Osborne, Contributing Writer

UserVoice has admitted a cyberattack which has exposed sensitive data belonging to a small subset of users with administrator or contributor status.


According to a UserVoice update, the company's backend administrative system experienced a data breach in April which has led to the theft of customer names, along with associated emails, one-way encrypted passwords and random salt strings for a small subset (0.001 percent) of users.

"Unfortunately, the passwords were hashed with the SHA1 hashing algorithm, which by today's standards is considered weak," the firm admitted.

However, no financial data was accessed.

Founded in 2008, UserVoice counts approximately 10,000 businesses among its clients. The software-as-a-service (SaaS) company provides product management and customer support software to the enterprise, including forums, support ticket systems and widgets.

Users with UserVoice's administrators and contributors profiles have been impacted, but in the interest of safety, all users are being asked to change their passwords.

In related news, hackers stole account details belongining to over 57 million users of dating websites in order to peddle this data on the Dark Web.

Read on: Top picks

Editorial standards