Animoto, a cloud-based video maker service for social media sites, has revealed a data breach.
The breach occurred on July 10 but was confirmed by the company in early August, and later reported to the California attorney general.
Names, dates of birth and user email addresses were accessed by hackers, but the company said it wasn’t known if data had been exfiltrated. The company also said that users’ scrambled passwords were exposed in the breach, but it wasn’t clear if the hackers gained the private key, which could be used to reveal the passwords in plain text.
The company also said in a security announcement that user geolocations were also exposed to hackers, but noted that it “does not keep geolocation information for all users.”
Payment data is not thought to be affected as it’s stored in a separate system, the company said.
Animoto did not immediately return a request for comment. TechCrunch will update once we learn more.
The New York City-based company did not say how many users were affected by the breach, but last August claimed more than 20 million users on its platform.
Animoto is the latest social media service to be breached. Last month, Timehop revealed a breach affecting 21 million users, exposing their names, email addresses, gender and dates of birth. Timehop’s breach was largely attributable to the company’s lack of two-factor authentication on its network, which helps prevent hackers from reusing already exposed credentials from breaches of other sites and services.
Animoto didn’t say how its breach occurred but pointed to “suspicious activity” on its systems. The company also said it reset employee passwords and reduced employees’ access to critical systems.
Source: Techcrunch Disrupt