IDCloudHost | SSD Cloud Hosting Indonesia

Social Blade Data Breach Notification form e-mail

0

Just got a service related email from Social Blade. Dear Social Blade User, We want you to be aware of an incident involving your Social Blade account information. While we believe the actual impact of this incident is minimal, we want to ensure you have the correct information and tools to keep your account secure and we believe you have a right to know what happened. 

What happened 

On December 14th we were notified of a potential data breach whereby an individual had acquired exports our user database and were attempting to sell it on a hacker forum. Samples were posted and we verified that they were indeed real. It appears this individual made use of a vulnerability on our website to gain access to our database.



Please be assured, the data leaked does not include any credit card information, but it does include other data that could be considered personal information. Notable pieces of information include email addresses, IP addresses, password hashes, clientids and tokens for our business API users, auth tokens for connected accounts, and many other pieces of non-personal and internal data. A very small subset of the data (about a tenth of a percent) also included addresses. While account password hashes were leaked, we have never stored your password in plain text so your password is still secure. Technically speaking, passwords are hashed using the bcrypt algorithm. The way bcrypt works is computationally slow, due to the complexity of bcrypt we’ve determined resetting everyone’s passwords was not a necessary step. To be extra safe, while not required, it wouldn’t hurt to change your password.

What we're doing 

We've already addressed the method that this third-party employed to gain access to the system, and we're doing additional reviews to ensure that the security of all of our systems are further hardened to prevent future incidents. Business API users were already notified via a separate email that their auth tokens had been changed to prevent access by any third party. Users who had connected their other social media accounts whereby an auth token was stored have been cycled as well where appropriate ensuring no connected accounts are at risk.

The future 

We sincerely apologize to you for any inconvenience this situation may cause. We want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring. We are all too aware that bad actors will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Social Blade will never be complacent in hardening our security and defenses. 

We'd also like to remind you that no one at Social Blade will ever reach out to you to ask for a password or credit card number over email. Please be vigilant of anyone contacting you claiming to be us. If in doubt reach out to our support team at https://support.socialblade.com/ .

Thank you, 

The Social Blade Team 


Posting Komentar

0Komentar
Posting Komentar (0)
IDCloudHost | SSD Cloud Hosting Indonesia