The company says a total of three accounts were accessed by the attacker or attackers before the company reset the passwords. At this point, the company says, the stolen data doesn’t appear to have been released publicly. While the main database wasn’t accessed, the attacker or attackers were able to access a legacy log file that contained user names and SHA-1 hashes of passwords. The company has since deleted the log file and stopped the legacy logging procedure. All affected users are being asked to create a new password on the company’s Web site, and to check their logs to ensure that no unauthorized commands had been sent to their device. Source: Softpedia news
