ShareThis breach notification

In my inbox last night:

Hello,

At ShareThis, protecting the security of the information in our possession is a responsibility we take very seriously. We write to notify you of a data security incident that may have exposed some of your personal information. This notice explains the incident and steps ShareThis has undertaken to address it. In addition, we provide guidance below on what you can do to protect your personal information.

What Happened?
On February 11, 2019, ShareThis became aware that it suffered a data security incident when it was informed that The Register published a story indicating that 16 companies, including ShareThis, were the victims of a data theft. We can tell from our initial investigations that email addresses, hashed passwords and some birth dates were impacted.  The incident, unfortunately, only came to light when The Register reported that the hacker posted the data for sale on the dark web.

What Information Was Involved?
Although our investigation is ongoing, we believe that the incident occurred in July 2018 and your name, email and hashed password may have been acquired by an unauthorized person or persons. Please note that we have no indication that your password has been used by the hacker or other unauthorized individual. As a result, your personal data may have been compromised.

What We Are Doing.
We value your privacy and deeply regret that this incident occurred.  ShareThis will be deactivating any ShareThis accounts associated with this email address.  We are reviewing our internal systems and are in the process of working with forensic and data security experts to review this incident and to identify any additional measures we can take to further bolster our security.

What You Can Do.
We want to make sure that you have resources to protect your personal information.  As noted above, we deactivated the ShareThis account associated with this email address, so no one will be able to log into it.  However, we recommend that you change your password for any other accounts for which you use the same or similar email address or password and take other appropriate steps to protect your online accounts.  We also encourage you to be cautious of spam or other phishing emails, including those that solicit personal data. You can also review the Steps You Can Take to Protect Your Personal Information below.

Other Important Information.
Maintaining the integrity of confidential information is extremely important to us. We sincerely apologize for any inconvenience this incident may have caused you. We are continuing to investigate this matter and will take appropriate action to prevent future similar incidents.

For More Information.
If you have any questions on this matter, you can email us at [email protected].  You can also visit our website at https://www.sharethis.com/data-privacy-incident.

Sincerely,

 

Dana Hayes, Jr.
Chief Executive Officer

Steps to take followed, but you’ve probably got them memorized by now. If not, follow the link to their site’s incident page.

About the author: Dissent

3 comments to “ShareThis breach notification”

You can leave a reply or Trackback this post.
  1. mvyrmnd - March 4, 2019

    My details were in this breach, but I have never held an account with ShareThis.

    Something really stinks here. They’ve collected my data from somewhere without my consent.

    • Upset User - March 4, 2019

      That was my reaction as well !! What password was stoken?? I’ve never supplied a password to ShareThis

      • Dissent - March 4, 2019

        Make that three of us, but I’m older than dirt so I figured maybe I just forgot that I had signed up at some point. I’m still uncertain.

Comments are closed.