Digital collectibles platform Quidd has suffered a significant data breach, exposing the account credentials of four million users.
As discovered by cybersecurity researchers at Risk Based Security, a hacker referred to as ProTag broke into the company's systems and lifted usernames, email addresses and hashed passwords.
According to ZDNet, the database circulated private hacking forums for months before it was posted on a public board, reportedly due to the challenging nature of the bcrypt algorithm used to encrypt the passwords.
Although the passwords were not distributed in plaintext, hackers have succeeded in decrypting the passwords. There have been reports of two separate efforts, with one individual claiming to have cracked more than 135,000 passwords, and the other more than a million.
Quidd has not notified its users of the breach, suggesting the company may have been unaware of the incident. Users are advised to change their login details as soon as possible.