620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts • The RegisterIn July 2018, the social bookmarking and sharing service ShareThis suffered a data breach. The incident exposed 41 million unique email addresses alongside names and in some cases, dates of birth and password hashes. In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.
At ShareThis, protecting the security of the information in our possession is a responsibility we take very seriously. We write to notify you of a data security incident that may have exposed some of your personal information. This notice explains the incident and steps ShareThis has undertaken to address it. In addition, we provide guidance below on what you can do to protect your personal information.
On February 11, 2019, ShareThis became aware that it suffered a data security incident when it was informed that The Register published a story indicating that 16 companies, including ShareThis, were the victims of a data theft. We can tell from our initial investigations that email addresses, hashed passwords and some birth dates were impacted. The incident, unfortunately, only came to light when The Register reported that the hacker posted the data for sale on the dark web.
What Information Was Involved?
Although our investigation is ongoing, we believe that the incident occurred in July 2018 and your name, email and hashed password may have been acquired by an unauthorized person or persons. Please note that we have no indication that your password has been used by the hacker or other unauthorized individual. As a result, your personal data may have been compromised.
What We Are Doing.
We value your privacy and deeply regret that this incident occurred. ShareThis will be deactivating any ShareThis accounts associated with this email address. We are reviewing our internal systems and are in the process of working with forensic and data security experts to review this incident and to identify any additional measures we can take to further bolster our security.
What You Can Do.
We want to make sure that you have resources to protect your personal information. As noted above, we deactivated the ShareThis account associated with this email address, so no one will be able to log into it. However, we recommend that you change your password for any other accounts for which you use the same or similar email address or password and take other appropriate steps to protect your online accounts. We also encourage you to be cautious of spam or other phishing emails, including those that solicit personal data. You can also review the Steps You Can Take to Protect Your Personal Information below.
Other Important Information.
Maintaining the integrity of confidential information is extremely important to us. We sincerely apologize for any inconvenience this incident may have caused you. We are continuing to investigate this matter and will take appropriate action to prevent future similar incidents.
For More Information.
If you have any questions on this matter, you can email us at firstname.lastname@example.org. You can also visit our website at Data Privacy Incident.
Dana Hayes, Jr.
Chief Executive Officer