Cyber Incident Victim: Livestream
Date:
Dec 2015
Location:
United States of America
Summary
Livestream experienced a security breach potentially exposing customer information including email addresses, encrypted passwords, birth dates, and phone numbers. The company confirmed no payment data was stored and required password resets for all users, though there was no indication encrypted passwords were decoded; the full scope of affected accounts and breach timeline remained under investigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 24, 2015, Livestream, a New York-based video live-streaming service with 10,000 paying customers reported in 2014, notified users of a security breach that potentially exposed customer data. The company disclosed that unauthorized individuals may have accessed user information including email addresses, encrypted passwords, dates of birth, and phone numbers. Livestream explicitly stated it does not store credit card or payment information, eliminating financial data from the compromise. As a precautionary measure, the company mandated password resets for all users despite having no evidence that attackers had successfully decrypted the password data. Livestream did not publicly specify the number of affected accounts, the timeframe of the breach, or the methods used by the intruders during its initial disclosure. The company's email notification indicated an ongoing investigation to determine the full scope of the incident, but no further details about the intrusion timeline or detection methods were provided at the time of reporting.
The breach occurred during a year marked by significant consumer privacy incidents, including the UCLA Health System hack affecting 4.5 million patients and T-Mobile's breach exposing 15 million customers' personal information and Social Security numbers. Livestream's incident response focused on credential security through mandatory password resets while maintaining that critical payment data remained unaffected due to their storage practices. No information was released regarding potential misuse of exposed data, remediation efforts beyond password resets, or whether law enforcement had been engaged. The company's public communication emphasized the encrypted nature of compromised passwords but provided no technical details about the encryption strength or specific protective measures implemented post-breach. This disclosure concluded a year of heightened cybersecurity concerns across multiple industries, with Livestream joining other major organizations in confronting data exposure incidents during 2015.