Social media analytics service Social Blade has confirmed that it is investigating a security breach after hackers offered to sell their user database on an underground crime website.
In a notice sent to Social Blade users, the company said it confirmed that its database was for sale on a hacking forum after being notified of the possible breach on December 14. increase.
according to beeping computerthe Social Blade data was first published on an underground forum on December 12, 2022.
Meanwhile, hackers claim to have stolen a database of 5.6 million records in September.
Social Blade, which monitors the social media accounts of tens of millions of users, double-checked that no credit card information was leaked, but the leaked data included email addresses, IP addresses, password hashes, You said it contained a client id, a token. Business API users, authentication tokens for connected accounts, and “many other non-personal and internal data.”
The company also warns that “a very small subset of the data (about one tenth of a percent)” also contains user addresses.
Social Blade said that while the password hashes were leaked, they did not believe they were at risk due to the strong bcrypt encryption algorithm used. Nonetheless, it is prudent for affected Social Blade users to change their passwords to ensure that the new password is unique and difficult to crack or guess.
Business API tokens have been reset to prevent misuse by unauthorized third parties.
Social Blade believes that the individuals who stole the data exploited a vulnerability on the website to gain access. The company says it has closed the security hole and is conducting additional reviews of the system to further tighten security.
In addition to changing passwords, anyone who has used Social Blade should be aware of scams and phishing attacks that use compromised information to trick unwary individuals into handing over their details. It is recommended.