Cyber Incident Victim: Animoto
Date:
Jul 2018
Location:
United States of America
Summary
A cloud-based video maker service experienced a data breach involving unauthorized access to personal information including names, email addresses, dates of birth, and geolocation data, though not all users had geolocation details stored. Scrambled passwords protected by hashing and salting were also exposed, while payment data remained unaffected due to separate storage systems. The company detected suspicious activity on its systems, prompting password resets for employees and reduced access privileges to critical infrastructure. While the exact number of compromised accounts remains unknown, all users of the platform were notified as a precautionary measure. The breach was confirmed several weeks after initial detection, with authorities subsequently informed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 10, 2018, Animoto, a New York City-based cloud video creation service for social media platforms, experienced a cybersecurity breach involving unauthorized access to its systems. The company confirmed the incident in early August 2018 and subsequently reported it to the California attorney general’s office. Hackers accessed user personal information including names, email addresses, and dates of birth during the intrusion. Additionally, scrambled password data protected through hashing and salting techniques was exposed, though Animoto stated these cryptographic safeguards would make it difficult to decipher actual passwords. Geolocation information for some users was also compromised, though the company clarified it did not maintain such data for all accounts. Payment information remained unaffected as it resided in separate systems isolated from the breached environment. Animoto CEO Brad Jefferson acknowledged the company could not determine whether attackers had successfully exfiltrated the exposed data, nor could they specify how many of their 22 million users were definitively impacted, though all users received breach notifications as a precautionary measure.
Animoto attributed the breach to unidentified "suspicious activity" detected on its network but did not disclose technical details about the intrusion method or attacker origins. In response, the company initiated password resets for all employee accounts and implemented reduced access privileges to critical systems to limit potential attack surfaces. The breach occurred amid heightened scrutiny of social media platform security following Timehop’s July 2018 breach affecting 21 million users, though Animoto’s communications did not draw direct parallels between the incidents. No evidence suggested customer payment systems or financial data were accessed during the breach. The company maintained operational continuity throughout the investigation and notification process while undertaking unspecified security enhancements to prevent recurrence.