Search This Blog

Powered by Blogger.

Blog Archive

Labels

Social Blade Confirms Data Breach

The threat actor offered the database of Social Blade for sale on a hacker forum including Email addresses, Password hashes, and more.

The company Social Blade has disclosed a security breach after a group of threat actors offered to sell a database illegally obtained from the company’s systems. 

Social Blade is an American social media analytics website that monitors tens of millions of social media accounts. The website primarily tracks the YouTube platform but also provides analytical information regarding other social media platforms such as Twitch, Twitter, Facebook, Instagram, and TikTok. 

Social Blade works as a third-party API, which facilitates its customers with the compilation of data from different social media platforms, it helps content creators boost their number of subscriptions and the channel's popularity. 

According to the reports, on Monday the threat actor offered the database of Social Blade for sale on a hacker forum which included Email addresses, Password hashes, Client IDs, Tokens for business API users, Auth tokens for connected accounts, and Various non-personal and internal data of users. 

The seller has also provided a sample of table names and content. Reportedly, the hacker obtained 5.6 million records. The sample that has been provided by the hacker shows that many of the records contain user credentials.  

"Even the smallest of flaws, if they go unnoticed, can compound into a huge problem for an organization. Without knowing the exact nature of the flaw we can assume it allowed full access to the Database as this is what the attacker had after running the breach. The overall response here was excellent including resetting passwords and flushing API keys as well as addressing the flaw,” Jason Kent, CEO of Social Blade said. 

Following the incident, the company reported that the matter is under investigation after the officials observed that a hacker offered its users data for sale on a criminal website. Also, the company reported that it has started contacting its customers regarding the incident. 

"Had the accounts or API keys been compromised and left valid, the damage could have been much much worse. Imagine having administrative access at the level of every one of their customers. They could sell social analytics to anyone for any purpose including reputational and/or brand damage. Moving on to the knock-on effect of this, now the people that possess the database know a good credential set to try on other platforms. Understand who the customers are for contextual phishing campaigns as well as other scams that can be run with such data. If you are/were a customer of Social Blade, be prepared for these kinds of attacks," he added.
Share it:

American Firm

Cyber Threat Intelligence

Data Breach

Social Blade