Breach, Cloud Security, Threat Management, Data Security

Cloud-based video creation service Animoto alerts California DOJ of possible data theft

The cloud-based video creation service Animoto disclosed to the California Attorney General's office last week that it discovered suspicious systems activity indicative of a July 10 breach that may have resulted in stolen information.

Affected data includes birth dates, geolocation, genders, email addresses and hashed and salted passwords. It is not known if the salt key for these passwords was also acquired; however, payment card information does not appear to be impacted.

According to Animoto's submitted notification, the company began investigating after receiving an alert of unusual activity on July 10. "Upon review, Animoto identified queries being run against its user database. Animoto immediately stopped the queries and launched an investigation with the assistance of third-party experts," the disclosure document states. On August 6, 2018, Animoto's investigation confirmed the queries were unauthorized and that user data may have been obtained on or around July 10, 2018."

Based in New York with an office in San Francisco, Animoto began informing potentially impacted individuals on Aug. 16, the notification continues, adding that in response to the incident, the company has changed employee and system passwords and is instructing users to do the same to their own passwords. Animoto also reduced the number of users who can access certain systems.

“Breaches in cloud environments are often the result of misconfigurations and poor security hygiene. With cloud attacks being increasingly automated, the timeframe to detect and respond is extremely brief," said Zohar Alon, CEO and co-founder of Dome9, in emailed comments. " Any door left open will be discovered and quickly used to exploit an organization's valuable assets. Businesses need to monitor their threat landscape on a real-time basis and enforce security discipline. Continuous compliance and active cloud protection are essential to keeping sensitive information safe and secure.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.