Another thread on the incident report here:
<a href="https://news.ycombinator.com/item?id=11664713" rel="nofollow">https://news.ycombinator.com/item?id=11664713</a>
<a href="https://status.uservoice.com/incidents/fb7ml8b3nphf" rel="nofollow">https://status.uservoice.com/incidents/fb7ml8b3nphf</a><p>There's a bit more info in this one about exactly what was compromised though. While I can understand the abundance of caution in resetting passwords despite only hashes and salts being lost, it is odd that they would "[presume] the attackers may be able to decrypt the passwords," assuming they're using strong encryption.
"In late April, the UserVoice security team learned that an unauthorized party illegally accessed one of UserVoice’s backend reporting systems and was able to view user data on a small subset of users. The user data includes name, email, and a hashed password and salt. Unfortunately, the passwords were hashed with the SHA1 hashing algorithm, which by today’s standards is considered weak. As such, we’re resetting the passwords for all users in our database."<p>Further information: <a href="https://status.uservoice.com/incidents/fb7ml8b3nphf" rel="nofollow">https://status.uservoice.com/incidents/fb7ml8b3nphf</a>