Promo.com discloses data breach of about 22M user records leaked online. On July 21, 2020, the team of promo.com became aware of a data security vulnerability on a 3rd party service that had caused a breach affecting certain non-finance related Slidely and Promo user data. They stopped immediately all the suspicious activity and launched an internal investigation to further learn about what really happened. See full Promo Notification here.
Promo.com is an Israel based video creation site, which allows users to create promotional videos, ads that can be shared on social media sites like Youtube, Instagram, Facebook, LinkedIn. The leaked User database of 22 million users was on sale for free on a hacker forum.
Promo also stated that no financial information was exposed, but users IP addresses which can approximate user location and users hashed and salted passwords were disclosed. To secure the user data Promo put on a mandatory reset on all affected accounts.
Cybersecurity Intelligence firm CloudSEK stated in a report that the data breacher posted a database containing 22.1 million user records on a hacker forum. This data has the user’s names, email addresses, genders, geographic locations. It also contains the decrypted passwords of 1.4 million users which can easily be used by attackers to log in to the user account.
What Promo Users should do if they’ve been exposed in the breach
- If you’re a Promo user you should immediately change your password to one that is strong and unique.
- A Password manager is highly recommended to use a unique password at every site the user visits.
- To check whether your data is been exposed https://haveibeenpwned.com/ have added the breached database to their site.
To avoid such breach in future Promo has completely removed the vulnerable 3rd party services. They’ve hired a Top Cyber Security Firm to further secure the user data.