- Social Blade was notified of a data breach whereby an individual had acquired the exports of the user database and was attempting to sell it.
- Notable pieces of information include email addresses, IP addresses, password hashes, client IDs, and many other pieces of non-personal and internal data.
- Social Blade has addressed the method that allowed the hacker to gain access to the system and currently doing additional reviews to ensure the security of systems.
Social Blade sent an email to its users, informing them about a data breach incident. Social Blade was notified on December 14 of the incident. The company confirmed that an individual stole the exports of the user database and tried to sell it on a hacker forum. Social Blade claims that the attacker exploited a vulnerability on the website to gain access.
Personal information stolen
Social Blades claims that the incident doesn’t include any credit card information, however, users’ email addresses, IP addresses, password hashes, client IDs and tokens for the business API users, auth tokens for connected accounts, and many other pieces of non-personal and internal data are stolen. Social Blade also stated that approximately 10% of the users’ addresses are also stolen.
Among personal information, users’ password hashes are also leaked, but the company states the passwords are still secure. The company also advised users to change their passwords as a security measure.
The company announced that the vulnerability allowing the attacker to steal the data is now fixed and additional reviews are being done to prevent future incidents. Business API users are informed with a separate mail, notifying them that their auth tokens had been changed to prevent access by any third party. Users who had connected their other social media accounts whereby an auth token was stored have been cycled as well where appropriate ensuring no connected accounts are at risk. Social Blade said,
« We sincerely apologize to you for any inconvenience this situation may cause. We want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring. We are all too aware that bad actors will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Social Blade will never be complacent in hardening our security and defenses. »