From
socialblade.com
Email Address
noreply@socialblade.com
Sent On
Sat, Dec 17, 2022 02:33 AM
Email Preheader Text
Dear Social Blade User, We want you to be aware of an incident involving your Social Blade account i
HTML
Dear Social Blade User, We want you to be aware of an incident involving your Social Blade account information. While we believe the actual impact of this incident is minimal, we want to ensure you have the correct information and tools to keep your account secure and we believe you have a right to know what happened. What happened On December 14th we were notified of a potential data breach whereby an individual had acquired exports our user database and were attempting to sell it on a hacker forum. Samples were posted and we verified that they were indeed real. It appears this individual made use of a vulnerability on our website to gain access to our database. Please be assured, the data leaked does not include any credit card information, but it does include other data that could be considered personal information. Notable pieces of information include email addresses, IP addresses, password hashes, clientids and tokens for our business API users, auth tokens for connected accounts, and many other pieces of non-personal and internal data. A very small subset of the data (about a tenth of a percent) also included addresses. While account password hashes were leaked, we have never stored your password in plain text so your password is still secure. Technically speaking, passwords are hashed using the bcrypt algorithm. The way bcrypt works is computationally slow, due to the complexity of bcrypt weâve determined resetting everyoneâs passwords was not a necessary step. To be extra safe, while not required, it wouldnât hurt to change your password. What we're doing We've already addressed the method that this third-party employed to gain access to the system, and we're doing additional reviews to ensure that the security of all of our systems are further hardened to prevent future incidents. Business API users were already notified via a separate email that their auth tokens had been changed to prevent access by any third party. Users who had connected their other social media accounts whereby an auth token was stored have been cycled as well where appropriate ensuring no connected accounts are at risk. The future We sincerely apologize to you for any inconvenience this situation may cause. We want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring. We are all too aware that bad actors will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Social Blade will never be complacent in hardening our security and defenses. We'd also like to remind you that no one at Social Blade will ever reach out to you to ask for a password or credit card number over email. Please be vigilant of anyone contacting you claiming to be us. If in doubt reach out to our support team at . Thank you,
The Social Blade Team
[Contact Support]( Don't want to receive these e-mails? [Unsubscribe]( [View in browser](
EDM Keywords (68)
world
well
website
want
vulnerability
vigilant
verified
us
tools
tokens
thank
tenth
systems
system
stored
sell
security
risk
right
required
remind
receive
posted
pieces
passwords
password
one
occurring
notified
never
minimal
method
many
leaked
know
keep
infiltrate
individual
inconvenience
include
incident
hurt
hardening
hardened
happened
future
everything
ensure
defenses
data
cycled
could
continue
connected
complexity
complacent
claiming
changed
change
browser
believe
bcrypt
aware
attempting
attempt
assured
assure
ask
appears