Social Blade

Social media analytics platform Social Blade has confirmed it suffered a data breach after its user database was stolen and put up for sale on a hacking forum.

Social Blade is an analytics platform that provides statistical graphs for YouTube, Twitter, Twitch, Daily Motion, Mixer, and Instagram accounts, allowing customers to see estimated earnings and projections.

The company offers an API allowing customers to integrate the Social Blade data directly into their own platforms.

After BleepingComputer contacted Social Blade about the sale of their data, the company confirmed that they suffered a breach and began sending data breach notifications to customers.

"On December 14th we were notified of a potential data breach whereby an individual had acquired exports of our users' database and was attempting to sell it on a hacker forum," reads a data breach notification sent to customers.

"Samples were posted and we verified that they were indeed real. It appears this individual made use of a vulnerability on our website to gain access to our database."

Social Blade data breach notification
Source: Twitter

The notification tells customers that the hacker gained access to the company's database and stole the following information:

  • Email addresses
  • Password hashes
  • Client IDs
  • Tokens for business API users
  • Auth tokens for connected accounts
  • Various non-personal and internal data

The notice clarifies that no credit card information has been exposed due to this security incident.

Social Blade states that user passwords were hashed with bcrypt, a salted and deliberately slow algorithm, so the hashes cannot easily be cracked. The company still advises all users to reset their passwords, which is sound: a slow hash raises the cost of each guess but does not protect an account whose password appears in an attacker's wordlist. There will, however, be no platform-wide forced reset of credentials.
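The following added example (not Social Blade's code) shows what "hashed with bcrypt" does and does not buy the victims of a dump like this one. It uses `hashlib.scrypt` from the Python standard library as a stand-in for bcrypt, since both are salted, tunable-cost hashes and the reasoning is identical; the leaked table, the email addresses and the attacker wordlist are all constructed for the demo.

```python
"""Why a bcrypt-style hash dump still warrants a password reset.

Added example for this article; it is not Social Blade's code. hashlib.scrypt
stands in for bcrypt: both are salted, deliberately slow hashes with a tunable
work factor. The 'leaked dump' and the wordlist are constructed.
"""
import hashlib
import hmac
import os

# Work factor kept low so the demo finishes quickly. Production settings are far
# higher (bcrypt cost 10-12, scrypt N >= 2**14); that cost is what slows down an
# offline attacker who holds the dump.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 10, 8, 1, 32


def hash_password(password: str, salt=None) -> str:
    """Return a self-describing record: algorithm, work factor, salt, digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N,
                            r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${SCRYPT_N}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the record's own salt and work factor."""
    _, n, salt_hex, digest_hex = record.split("$")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    # Constant-time comparison so a verifier leaks nothing via timing.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def crack_dump(dump: dict, wordlist: list) -> dict:
    """Offline dictionary attack against a stolen dump.

    Every record carries its own salt, so nothing can be precomputed or shared
    between users: each guess against each record costs one full slow hash.
    That is the 'cannot be easily deciphered' part. It does nothing for a user
    whose password is in the attacker's wordlist, hence the reset advice.
    """
    cracked = {}
    for email, record in dump.items():
        for guess in wordlist:
            if verify_password(guess, record):
                cracked[email] = guess
                break
    return cracked


# Constructed stand-in for the stolen table: two weak passwords, one strong one.
LEAKED_DUMP = {
    "alice@example.com": hash_password("summer2022"),
    "bob@example.com": hash_password("qwerty"),
    "carol@example.com": hash_password("fR9!vQx2#LpZ7wTb"),
}

# Constructed attacker wordlist; a real one runs to millions of entries.
WORDLIST = ["123456", "password", "qwerty", "letmein", "socialblade", "summer2022"]


if __name__ == "__main__":
    cracked = crack_dump(LEAKED_DUMP, WORDLIST)
    for email, pw in cracked.items():
        print(f"{email}: {pw}")
    print(f"{len(cracked)}/{len(LEAKED_DUMP)} accounts recovered; the strong "
          f"password survives the wordlist, the weak ones do not")
```

Run as a script, it recovers the two weak passwords and fails on the strong one, which is the whole argument: the work factor slows the attacker per guess, the salt denies them precomputation, but neither helps a user whose password is guessable, so a reset after a dump is still the right call.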

The authorization tokens for Business users and connected social media accounts have also been rotated (invalidated and reissued), so the ones listed in the stolen database can no longer be used by threat actors.

In response to further questions about whether auth tokens were abused in this attack, SocialBlade sent BleepingComputer the following statement:

"As far as we know, no auth tokens were abused. For third party tokens they'd have become invalid typically within an hour after they're created in the first place and not be usable.

Part of the leak included Social Blade business API users' client IDs and tokens. These could have been used, but we have no indication that any were. The vast majority of them had no credits attached to them so trying to use them wouldn't work. For users who had paid for credits we informed them to let us know if they believe anyone has used their credits. So far no one has reported any issues. If a report does come in we'll investigate and credit them back any tokens used by an attacker." - SocialBlade.

Social Blade for sale on a hacker forum

BleepingComputer first learned of the data breach when a threat actor began selling the company's data on Monday, December 12th.

In a post on the Breached hacking forum, the threat actor claimed that the data was stolen in September 2022 and said they were willing to sell it to at most one or two buyers.

The hacker claimed the stolen database held 5.6 million records and shared samples of the exfiltrated data, including IP addresses, emails, database structure, etc.

Social Blade data sold on Breached forums (BleepingComputer)

BleepingComputer contacted Social Blade at the time to request a comment on the validity of the samples and got a confirmation that the data appeared authentic.

The company says it has now addressed the security gap the intruder exploited to gain access to its systems and now performs additional checks to ensure that all systems are adequately hardened to prevent similar incidents in the future.

“We are too aware that bad actors will continue to attempt to infiltrate IT infrastructure around the world, and rest assured we at Social Blade will never be complacent in hardening our security and defenses,” reads the notice.

Social Blade urges users to remain vigilant against phishing attempts that typically accompany large-scale data breaches, impersonating the breached company to steal passwords and credit card numbers.

Update 12/16/22: Added SocialBlade's response regarding authorization tokens.
