The ShareThis data breach affected more than 40 million users in July 2018. What was the leaked information? And how can you secure your data?
Introduction
Data breaches happen anytime. So, we are almost used to it. Especially if you have never experienced the damage of a breach.
But in 2019, a single breach affected 16 websites. We believe now is the time to take breaches seriously.
The breach
Reports stated the 16 affected websites:
- Dubsmash (162 million)
- MyFitnessPal (151 million)
- MyHeritage (92 million)
- ShareThis (41 million)
- HauteLook (28 million)
- Animoto (25 million)
- EyeEm (22 million)
- 8fit (20 million)
- Whitepages (18 million)
- Fotolog (16 million)
- 500px (15 million)
- Armor Games (11 million)
- BookMate (8 million)
- CoffeeMeetsBagel (6 million)
- Artsy (1 million)
- DataCamp (700,000)
Thus, as we can see, ShareThis fits the top five spots. It is one of the companies that got affected the most.
ShareThis Data Breach
ShareThis posted a notice for their users. However, they discovered it late. How so?
The breach happened in July 2018. Yet, they discovered the breach in February 2019.
Moreover, they learned about the incident only after they saw a report. And its databases are already for sale on the dark web.
The leaked information
In ShareThis’ investigation, the breach leaked the following data:
- unique email addresses
- names
- usernames
- addresses
- gender
- hashed passwords
- some birthdates
- other profile info
Also, the leak involves 2.7GB of stolen data. Hackers posted it to the dark web marketplace. And it was sold for less than $20,000 Bitcoin.
Their response to the breach
In their notice, they apologized to their users. Also, they deactivated the accounts that belonged to the breach.
Moreover, they reviewed their systems. It helps them find out the cause of the incident.
Additionally, they worked with forensic and data experts. So, they can identify what they need to do. Thus, they can improve their security.
Alert to the affected users
ShareThis sent notification emails to the affected users. Moreover, they informed them if their hashed passwords or birthdates are leaked.
What you can do
As mentioned, they deactivated the affected accounts. It includes those accounts before January 2017.
You may think, “I haven’t logged into ShareThis for a while.” But, think about this, too: “Did I use the same email or passwords to my other accounts?”
If yes, hackers can still use your emails and passwords! Worse, they can use that to log in to your Facebook or bank account.
Hence, we suggest you change your passwords. Also, do not wait for breaches to happen before you do!
You can also follow these good password habits:
- Change your passwords regularly. Especially if there is a big data breach.
- Use different passwords for every website. Never reuse the same one! If a breach happens in one site, they can use the same login details to your other accounts.
- Make strong and creative passwords. You can add a combination of capital and small letters. Also, add numbers and symbols.
Remember, data breaches can happen anytime. So, take security seriously.