[BreachExchange] Social Bluebook was hacked, exposing 217,000 influencers’ accounts

Destry Winant destry at riskbasedsecurity.com
Mon Mar 30 10:33:08 EDT 2020


https://techcrunch.com/2020/03/27/social-bluebook-hacked/

A social media platform used to match advertisers with thousands of
influencers has been hacked.

Social Bluebook, a Los Angeles-based company, allows advertisers to
pay social media “influencers” for posts that promote their products
and services. The company claims it has some 300,000 influencers on
its books.

But in October 2019, the company’s entire backend database was stolen
in a data breach.

TechCrunch  obtained the database, which contains some 217,000 user
accounts — including influencer names, email addresses, and passwords
hashed, which had been scrambled using the strong SHA-2 hashing
algorithm.

It’s not known how the database was exfiltrated from the company’s
systems or who was behind the breach.

We contacted several users who when presented with their information
confirmed it as accurate. We also provided a portion of the data to
Social Bluebook co-founder Sam Michie for verification.

“We have just now become aware of this data breach that occurred in
October 2019,” he told TechCrunch in an email Thursday.

He said affected users will be informed of the breach by email. The
company also informed the California attorney general’s office of the
breach, per state law.

Social media influencers are a constant target for hackers, who often
try to hijack accounts with popular handles or high follower counts.
Some influencers have relied on white-hat hackers to get their
hijacked accounts back.

Last year, an Indian social media firm left a database of Instagram
influencers online, which included phone numbers and email addresses
scraped from their profiles.


More information about the BreachExchange mailing list