Social media analytics provider confirmed that the Social Blade data breach happened after its database was compromised and listed for sale on a hacker forum. Social Blade is an analytics software that gives users with statistics and graphs for their YouTube, Twitter, Twitch, Daily Motion, Mixer, and Instagram accounts, allowing them to monitor predicted revenues and projects. The firm provides an API that allows users to easily incorporate Social Blade data into their own platforms. According to BleepingComputer, the corporation verified the intrusion and started distributing data breach alerts to clients.
Customers were notified of a data breach as follows:
“On December 14th we were notified of a potential data breach whereby an individual had acquired exports our users database and were attempting to sell it on a hacker forum. Samples were posted and we verified that they were indeed real. It appears this individual made use of of a vulnerability on our website to gain access to our database.”
Social Blade data breach includes internal and personal data
Customers were notified of a data breach when a hacker gained access to the company’s database and stole the following information:
- Email addresses
- Password hashes
- Client IDs
- Tokens for business API users
- Auth tokens for connected accounts
- Various non-personal and internal data
The warning emphasizes that no credit card information was compromised as a result of the security breach.
While Social Blade claims that user passwords were hashed using the bcrypt technique and are thus difficult to decode, the business nonetheless recommends that all users replace their passwords. However, there will be no platform-wide credential reset. The authorization tokens for Business users and associated social media accounts have also been cycled, preventing threat actors from using the ones listed in the stolen database.
In a forum post on the Breached hacking community, a threat actor stated that the data was taken in September 2022 and was prepared to sell it to a maximum of one to two people. The hacker claimed the stolen database had 5.6 million entries and released samples of the data, which included IP addresses, emails, database structure, and so on. According to the organization, it has repaired the security weakness that the intruder used to gain access to its systems and is currently performing further tests to verify that all systems are appropriately hardened to prevent such instances in the future.
“We are too aware that bad actors will continue to attempt to infiltrate IT infrastructure around the world, and rest assured we at Social Blade will never be complacent in hardening our security and defenses,” the notice reads. Social Blade advises users to be wary of phishing efforts, which generally precede large-scale data breaches and impersonate the hacked firm in order to obtain passwords and credit card details.
That’s all you need to know about the Social Blade data breach. If you enjoyed this article, we suggest that you take a look at Cloud under attack: GoTo data breach ended up affecting LastPass, or Facebook data breach 2022: 1M+ users affected.