Popular Social Media Statistics Provider “Social Blade” is the recent victim of cyber attack. Service was hacked this month and its users’ data was accessed. While writing this story, the company’s forum is offline.
LeakedSource says that the main website contains 273,086 user records while the forum dump only has records of 13009 uses. Leaked records including email address, IP address, username, user identifier, and one password.
Website’s records were using the strong SHA512 algorithm and universal salt to store passwords. On the other hand, the forum was using the weak MD5 algorithm to store data.
This leaked dump also includes authentication tokens for YouTube, Instagram, and Twitter for thousands of users.
According to Google Cache, it was found that the platform was using vBulletin v4.2.3, a very old version of the software. This could be the reason of this hack. As this old version of vBulletin has few known vulnerabilities.
In an email to Softpedia, Social Blade confirmed that the company is aware of the recent security breach which leaked partial database. It also said that the breach was the result of a vulnerability in 3rd party forum software.
It is surprising to see how companies ignore security updates and puts their users at big risk. Social Blade should have taken this seriously.
If you are a user of Social Blade, you must change your password right now. If you are using the same email and password combination of few other websites, it is the time to change all the passwords to avoid any security risk.
