How did Promo.com get hacked?

A new data breach victim has been reported. The marketing video creation website Promo.com revealed that an intrusion allowed one of its databases (with more than 20 million records) to be leaked on a hacking forum.

Security firm CloudSEK found that a hacker known for selling stolen information posted the database on a dark web forum. Details include full names, email addresses, location data, plus 2 million encrypted passwords.

The database also included nearly 1.5 million decrypted passwords, so threat actors could try to access compromised accounts through credential stuffing attacks and even try to access other platforms (email, social media, among others). The post was removed from the hacking forum, but soon afterward another hacker republished the ad; it is unknown whether this copy of the database also contains decrypted information.

After the database was exposed, Promo sent a notification that the incident occurred because a partner company suffered an intrusion: “On July 21, our security team detected a security breach on a third-party service, resulting in improper access to Promo user data; the intrusion was immediately blocked and an internal investigation was initiated.”

Although the company specified that its users’ financial information was not compromised, the hackers did access confidential information.

While the passwords leaked in this incident were encrypted, threat actors could start decrypting them, leading to new problems. After decrypting a user’s password, hackers could use it in credential stuffing attacks on other sites. Because of this, Promo customers are advised to immediately reset passwords for all their online accounts. Implementing other protective measures, such as using password managers, can also help prevent incident-related attacks.