A popular data analytics tool that tracks YouTube and other major social media platforms has admitted to being hacked.
Social Blade issued a statement saying it had been notified of a systems breach on December 14, while insisting no credit card data had been leaked.
However, it said other personally identifying information, including email and internet protocol (IP) addresses, hashes used to conceal passwords, client IDs, and authentication tokens for connected accounts, was among the data offered for sale on a dark web forum by the hacker responsible.
Social Blade is a US-based data analytics tool that tracks social media platforms such as YouTube, Facebook, Twitter, and TikTok, and claims to have seven million unique visitors to its website every month.
“We were notified of a potential data breach whereby an individual acquired our user database, attempting to sell it on a hacker forum,” said Social Blade. “Samples were posted and we verified that they were real. It appears this individual made use of a vulnerability on our website to gain access to our database.”
It added: “The data leaked does not include any credit card information, but it does include other data that could be considered personal information. A very small subset of the data – about a tenth of a percent – also included addresses.” Whether the latter were physical or digital was not specified.
Though hashes were accessed, Social Blade claims users are safe in this regard because their passwords had never been stored by the company in plaintext. It also implied it had identified the vulnerability and patched it since becoming aware of the breach.
“We've already addressed the method that this third-party employed to gain access to the system, and we're doing additional reviews to ensure that the security of all of our systems are further hardened to prevent future incidents,” it said, adding that business users had been notified by email and their authentication tokens changed.
“Users who had connected their other social media accounts whereby an auth [sic] token was stored have been cycled as well where appropriate, ensuring no connected accounts are at risk,” it added. “We sincerely apologize [and] are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring.”
A Cybernews researcher believes, based on a cursory analysis of the hacker’s breach notification posted on December 12, that the threat actor might have used a commonplace attack method known as SQL injection, although at the time of writing we were unable to prove this definitively.
The hacker, who claims to have breached Social Blade in September, added that they were looking to make no more than a couple of sales before deleting the thread advertising the data. No price was specified.