A social media platform used to match advertisers with thousands of influencers has been hacked.

Social Bluebook, a Los Angeles-based company, allows advertisers to pay social media “influencers” for posts that promote their products and services. The company claims it has some 300,000 influencers on its books.

But in October 2019, the company’s entire backend database was stolen in a data breach.

TechCrunch obtained the database, which contains some 217,000 user accounts — including influencer names, email addresses, and passwords hashed, which had been scrambled using the strong SHA-2 hashing algorithm.

It’s not known how the database was exfiltrated from the company’s systems or who was behind the breach.

We contacted several users who when presented with their information confirmed it as accurate. We also provided a portion of the data to Social Bluebook co-founder Sam Michie for verification.

“We have just now become aware of this data breach that occurred in October 2019,” he told TechCrunch in an email Thursday.

He said affected users will be informed of the breach by email. The company also informed the California attorney general’s office of the breach, per state law.

Social media influencers are a constant target for hackers, who often try to hijack accounts with popular handles or high follower counts. Some influencers have relied on white-hat hackers to get their hijacked accounts back.

Last year, an Indian social media firm left a database of Instagram influencers online, which included phone numbers and email addresses scraped from their profiles.


Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849. 

Source link

Author