Data on over 270,000 users lost in the incident

Aug 17, 2016 03:15 GMT

Social Blade, an online service providing social media statistics and analytics, has been hacked, according to data breach index service LeakedSource.

The data LeakedSource received contained files from Social Blade's main service and its forum. At the time of writing, the company's forum is offline. According to a Google cache entry, the platform was running vBulletin v4.2.3, a very old version of the software.

LeakedSource says the main website dump contains 273,086 user records, while the forum dump contains only 13,009 user accounts. For each user, the dumped data LeakedSource received includes an email address, IP address, username, user identifier, and one password.

Some passwords were not properly protected

The main site's passwords were hashed with the strong SHA512 algorithm and a universal salt, meaning one salt shared by all users. The forum passwords were hashed with the weak MD5 algorithm, using a unique salt per user.
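The following is an added example, not code from LeakedSource, Social Blade or the original article. It shows what each storage scheme exposes in a dumped table: with a universal salt, accounts that share a password share a stored hash, while per-user salts hide that. The usernames, passwords and salt values are constructed, the way salt and password are combined is an assumption, and the PBKDF2 variant is a common hardened alternative that the article does not mention.

```python
import hashlib
import hmac
import os
from collections import defaultdict

UNIVERSAL_SALT = b"constructed-site-wide-salt"  # constructed, not from the dump
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}  # constructed

def sha512_universal(password):
    # Main-site scheme as reported: SHA512 plus one salt shared by every user.
    # Assumption: the salt is prepended; the article does not give the construction.
    return hashlib.sha512(UNIVERSAL_SALT + password.encode()).hexdigest()

def md5_per_user(password, salt):
    # Forum scheme as reported: MD5 plus a unique salt per user (same assumption).
    return hashlib.md5(salt + password.encode()).hexdigest()

def kdf_hash(password, salt=None, iterations=210_000):
    # Hardened form: per-user random salt and a deliberately slow KDF.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return salt, digest

def kdf_verify(password, salt, expected, iterations=210_000):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(kdf_hash(password, salt, iterations)[1], expected)

def shared_hash_groups(records):
    # Group usernames whose stored values are identical.
    groups = defaultdict(list)
    for user, stored in records.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables():
    # One constructed table per scheme, all built from the same USERS.
    main = {u: sha512_universal(p) for u, p in USERS.items()}
    forum = {u: md5_per_user(p, os.urandom(8)) for u, p in USERS.items()}
    hardened = {u: kdf_hash(p) for u, p in USERS.items()}  # (salt, digest) pairs
    return main, forum, hardened

if __name__ == "__main__":
    main, forum, hardened = build_tables()
    print("universal salt:", shared_hash_groups(main))
    print("per-user salt (MD5):", shared_hash_groups(forum))
    print("per-user salt + KDF:", shared_hash_groups(hardened))
```

The per-user salt removes the visible duplicates in both the MD5 and PBKDF2 tables; the iteration count only changes how expensive each password guess is.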

The dumped data also included authentication tokens for YouTube, Instagram, and Twitter for thousands of users.

Softpedia has reached out to Social Blade, and the company has provided the following statement:

  Social Blade is aware of a recent security breach that resulted in a partial database dump including user email addresses, IP addresses, and encrypted password information. The breach was the result of a vulnerability in 3rd party forum software, which we've made the conscious decision to discontinue using entirely. In response to the incident, we've temporarily disabled all user logins until we're able to notify & force password resets on all users. We take the privacy and security of our users extremely seriously and are working tirelessly to ensure this type of incident will not happen in the future.  

Solving YouTube controversies with hacked data

Because the dumped files included statistics on some of the larger social media subscriber bases, LeakedSource embarked on solving a YouTube community controversy.

LeakedSource used the data it received to address the LeafyIsHere debate. This "wealthy elite" issue revolves around a series of allegations against one of YouTube's most popular users, who was accused of buying subscribers, in a tactic known as sub botting.

If these accusations prove to be true, then YouTube would have to ban one of its most popular channels. This YouTube video details all the charges.

According to the video, the user LeafyIsHere, a kid who just comments on various topics, has made fun of a person with Down syndrome, after which he started losing subscribers on his channel.

Other YouTube channel owners detected a huge spike of new subscribers in the middle of this event and accused LeafyIsHere of sub botting.

LeakedSource's analysis of the dumped data didn't yield conclusive evidence to sustain the sub botting accusations, but the company did find something else that could be categorized as "strange."

"Everything above this point is nice and predictably smooth. We did however notice strangeness with [the year] 2014," LeakedSource writes, pointing to two events in June and December 2014, when LeafyIsHere's account also recorded repeated spikes and quick subscriber growth, as pictured in the image below. Otherwise, LeakedSource says Leafy is clean.

Subscriber jumps in LeafyIsHere analyzed data / June 2014
Subscriber jumps in LeafyIsHere analyzed data / December 2014
