Customers of Chatbooks, a photo book-making company that turns users’ Instagram posts into books, have been warned that their data has fallen into the hands of hackers.
In a statement posted on the Chatbooks website, the company’s CEO Nate Quigley described how the firm had learned last week that information related to users had been stolen from its database.
According to an investigation conducted by third-party experts called in by Chatbooks, the security breach is thought to have occurred on March 26 2020.
Although the majority of the data stolen consisted of users’ names, email addresses, salted and hashed passwords, a “small proportion” of affected records also included users’ phone numbers, Facebook IDs, and social media access tokens.
Users are being advised to change their passwords as soon as possible:
“Even though the stolen Chatbooks passwords were not stolen in plain text format, as a precaution we recommend that you change your password at your earliest convenience.”
What’s disappointing, however, is to see no advice given to users to ensure that they are not using the same passwords on any other websites. Past breaches have proven, time and time again, that many people are in the habit of using the same password at different websites, meaning that a password breach at one site could lead to a hacker also gaining access to other online accounts.
For instance, you may not care a great deal if your Chatbooks account password is breached, but you certainly do not want a hacker to be able to use the information to also unlock – for instance – your email account.
Fortunately, payment card information which customers may have used to purchase photo books has not been compromised – for the very simple reason that Chatbooks does not store such details in its database. Furthermore, the company says that it has not seen any evidence that photographs were accessed by the hackers.
ZDNet reported this weekend that a hacking group known as ShinyHunters is claiming to be responsible for the Chatbooks breach and is offering to sell 15 million breached user records for US $3,500 via an underground criminal website.
The same hacking gang claim to have stolen millions of user records from the Zoosk dating app, the Home Chef food delivery service, the online art and design marketplace Minted, and others.