Social Blade Security has been Breached

Shimejii

Summary

Social Blade's security was breached as hackers were attempting to sell user information on some forums. The items that were stolen were email addresses, IP addresses, password hashes, clientids and tokens for our business API users, auth tokens for connected accounts, and many other pieces of non-personal and internal data.

 

Quotes

Quote

On December 14th we were notified of a potential data breach whereby an individual had acquired exports of our user database and were attempting to sell it on a hacker forum. Samples were posted and we verified that they were indeed real. It appears this individual made use of a vulnerability on our website to gain access to our database. Please be assured, the data leaked does not include any credit card information, but it does include other data that could be considered personal information. Notable pieces of information include email addresses, IP addresses, password hashes, clientids and tokens for our business API users, auth tokens for connected accounts, and many other pieces of non-personal and internal data. A very small subset of the data (about a tenth of a percent) also included addresses. While account password hashes were leaked, we have never stored your password in plain text so your password is still secure. Technically speaking, passwords are hashed using the bcrypt algorithm.

 

My thoughts

 

Another instance to remind you to change your passwords for these kinds of sites as soon as you see it. Some should have gotten an email, others may not have. Always gotta be sure to not reuse passwords and such!

 

Sources

https://www.infosecurity-magazine.com/news/social-blade-confirms-data-breach/

 

https://www.securityweek.com/social-blade-confirms-breach-after-hacker-offers-sell-user-data

 

 


The email addresses of all YouTube users were already leaked by Google themselves...

And you can still see them on YouTube.

As for the IP addresses, I am pretty sure that mine changed since the last time I visited the website.

And the passwords - I never log in with my Google account to anything, and for every website I create an account from scratch + a very long randomly generated password.

 

Use different passwords for different websites, don't use an account from one website in a different website; it may be convenient to use your Apple or Google account in every website you can, but it's not recommended.

A PC Enthusiast since 2011
AMD Ryzen 7 5700X@4.65GHz | GIGABYTE GTX 1660 GAMING OC @ Core 2085MHz Memory 5000MHz
Cinebench R23: 15669cb | Unigine Superposition 1080p Extreme: 3566

21 minutes ago, Vishera said:

The email addresses of all YouTube users were already leaked by Google themselves...

And you can still see them on YouTube.

As for the IP addresses, I am pretty sure that mine changed since the last time I visited the website.

And the passwords - I never log in with my Google account to anything, and for every website I create an account from scratch + a very long randomly generated password.

 

Use different passwords for different websites, don't use an account from one website in a different website; it may be convenient to use your Apple or Google account in every website you can, but it's not recommended.

I've noticed lately that whenever I go to a site such as fleabay, for example, I get a popup box from Google (if it's really them) wanting me to use that to log in to the site.
Of course I ignore it, and this makes me even more wary of things with Google.
Here's a screenshot of what I'm seeing.


"If you ever need anything please don't hesitate to ask someone else first"..... Nirvana
"Whadda ya mean I ain't kind? Just not your kind"..... Megadeth
Speaking of things being "All Inclusive", Hell itself is too.

 


I also want to point out that they chose not to reset passwords, even though the bcrypt hashes were stolen. 
