Promo, a video creation platform for businesses and agencies, confirmed that they had suffered a data breach which resulted in the exposure of approximately 14.6 million user accounts. The Promo team identified that the root cause of the incident was due to a vulnerability on an undisclosed third-party service. Promo confirmed that the affected database includes personal information such as first name, last name, email addresses, IP addresses, approximated user location, gender, and salted SHA-256 password hashes.
Promo stated that they had sent an alert to their customers to inform them of the data breach and that had completely removed the vulnerable third-party service. Additionally, Promo stated that they were working with a cybersecurity firm to improve their security posture. At the time of writing, there is no evidence to confirm that the exposed Promo users’ data was misused or disseminated publicly.
Nuspire recommends Promo users to use the following measures to prevent potential exploitation of the users’ information:
– Change your passwords as soon as possible
– Use password managers and enforce multi-factor authentication (MFA) to user accounts
– Never use same password across multiple accounts