The well-known website Social Blade, built for analyzing social media profiles, has been the victim of a hacker attack. The digital thieves exploited a vulnerability in the site to gain access to sensitive data. The official notice was sent out last night directly by the Social Blade team to its users. There also appears to have been an attempt to sell the data.
In technical jargon this is called a data breach: the intentional or unintentional release, into an untrusted environment, of protected or private/confidential information. For safety, we therefore recommend updating the password for your email account (obviously, if you registered on the site). This is the notice that was sent:
We want you to be aware of an incident involving your Social Blade account information. While we believe the actual impact of this incident is minimal, we want to ensure you have the correct information and tools to keep your account secure and we believe you have a right to know what happened.
On December 14th we were notified of a potential data breach whereby an individual had acquired exports of our user database and was attempting to sell it on a hacker forum. Samples were posted and we verified that they were indeed real. It appears this individual made use of a vulnerability on our website to gain access to our database.
Please be assured, the data leaked does not include any credit card information, but it does include other data that could be considered personal information. Notable pieces of information include email addresses, IP addresses, password hashes, clientids and tokens for our business API users, auth tokens for connected accounts, and many other pieces of non-personal and internal data. A very small subset of the data (about a tenth of a percent) also included addresses. While account password hashes were leaked, we have never stored your password in plain text so your password is still secure. Technically speaking, passwords are hashed using the bcrypt algorithm. The way bcrypt works is computationally slow, due to the complexity of bcrypt we’ve determined resetting everyone’s passwords was not a necessary step. To be extra safe, while not required, it wouldn’t hurt to change your password.
What we’re doing
We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems are further hardened to prevent future incidents. Business API users were already notified via a separate email that their auth tokens had been changed to prevent access by any third party. Users who had connected their other social media accounts whereby an auth token was stored have been cycled as well where appropriate ensuring no connected accounts are at risk.
We sincerely apologize to you for any inconvenience this situation may cause. We want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring. We are all too aware that bad actors will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Social Blade will never be complacent in hardening our security and defenses.
We’d also like to remind you that no one at Social Blade will ever reach out to you to ask for a password or credit card number over email. Please be vigilant of anyone contacting you claiming to be us. If in doubt reach out to our support team at https://support.socialblade.com/ .
The Social Blade Team