Toshiba has confirmed the claims of a hacker that managed to compromise one of its US sites and steal and publish part of a user database on pastebin.com.
While the hacker claimed that the hacked site contained personal information of some 5,200 users but that he leaked the information of only 800 of them, the Toshiba spokeperson says that the site contained around 7,500 entries, 681 of which were compromised.
According to the company, the good news is that no credit card details were compromised.
According to Softpedia‘s Lucian Constantin, the bad news is that the passwords associated with the accounts were obviously stored in plaintext – a big no-no for any company or website that cares about user security.
Even worse news is that even though Toshiba has been aware of the intrusion and of the compromise for almost a week now, it still hasn’t changed its password storage policy and begun encrypting stored passwords on some of its sites.