According to the email I got this morning, the blanket password reset is being called a “precautionary measure” by comiXology. They report that an unidentified individual had gained unauthorized access to one of comiXology's databases which contained passwords, emails, and usernames.
Yes, the hacker may have gained access to your email, giving them a good opportunity to phish for your password by sending a fake email. Just to be safe, I went and confirmed this report via comiXology's Twitter accounts. (If the hacker got control of both accounts as well the database info then I just give up; I welcome my new hacker overlord.)
If you have an account with comiXology, go here to reset your password ASAP. I have already changed mine, and I don't even have any payment info attached to the account.
Here's the email comiXology sent out:
Dear Comics Reader,
In the course of a recent review and upgrade of our security infrastructure, we determined that an unauthorized individual accessed a database of ours that contained usernames, email addresses, and cryptographically protected passwords.
Payment account information is not stored on our servers.
Even though we store our passwords in protected form, as a precautionary measure we are requiring all users to change their passwords on the comiXology platform and recommend that you promptly change your password on any other website where you use the same or a similar password. You can reset your comiXology.com password here.
We have taken additional steps to strengthen our security procedures and systems, and we will continue to implement improvements on an ongoing basis.
Please note that we will never ask you for personal or account information in an e-mail, so exercise caution if you receive emails that ask for personal information or direct you to a site where you are asked to provide personal information.
We apologize for the inconvenience. If you have any questions, please contact us by sending an email to [email protected]