Users of Animoto, a popular slideshow platform for photographers, began receiving letters in the mail this week notifying them of a data breach that the company recently experienced.
In the letter, dated August 31, 2018, the company outlines when the breach happened and what data may have been compromised as a result. Although the company uses advanced security methods such as hashing and salting, they are unsure if the salt was accessed. Salting is a security method in which an additional value is added to the end of all user passwords. Salting adds an extra layer of security, particularly for users who use common passwords. However, if the salt value is discovered by breachers, all the breacher would have to do is add the salt value to the end (or beginning) of each word they try in their attack while guessing passwords.
Animoto admitted that users’ first names, last names, email addresses, hashed and salted passwords, geolocation, gender, and date of birth all may have been accessed during the breach. The company emphasized the fact that though they can't confirm if any information of any user was actually affected or removed from their systems, out of an abundance of caution, they are notifying their user base. As a result, the company is advising users to change their Animoto password, as well as the password of any online accounts that may match that of the user’s Animoto password.
Animoto is trying to be as transparent as they can about the data breach to users and outline what information was involved and the steps they’re taking to make sure a similar data breach doesn’t happen in the future.
The company urges its users to take other applicable steps to help protect all other online accounts and email addresses. In this day and age of technological theft, you can never be too careful.
Lead image by Pixabay.com via Pexels, used under Creative Commons.