Ask.FM
| Primary URL | Location | Industry |
|---|---|---|
| ask[.]fm | Country: Lithuania | Technology |
Profile
Ask.FM is a social networking platform centered on question-and-answer interactions, permitting users to pose inquiries to one another, often with the option for anonymity. Headquartered in Lithuania, the service has historically attracted a global audience, with its model facilitating both personal and public exchanges. The platform's operational scope is defined by this core Q&A functionality, which has positioned it within the competitive social media landscape. While precise user statistics are not detailed in the available incident report, the magnitude of a documented security event indicates a substantial user base and data footprint.
A critical security incident occurred in March 2020, resulting in the exposure of approximately 350 million user records. The breach involved usernames, email addresses, crackable password hashes, and linked social media identifiers, with about 45 million records additionally containing Single Sign-On credentials. The attacker's initial access was gained through a vulnerability in a WordPress server within Ask.FM's network, followed by the exfiltration of an internal database and later additional data including GitLab, Jira, and Confluence repositories. Despite the intruder's assertion that Ask.FM detected the activity and revoked certain compromised credentials, the company publicly denied that any security incident had taken place and did not inform users or regulatory bodies about the breach. The stolen data was subsequently offered for sale, with the seller claiming that unresolved vulnerabilities persisted due to insufficient remediation by the organization. This event highlights significant deficiencies in Ask.FM's cybersecurity defenses and incident response transparency, as the alleged failure to secure systems and acknowledge the breach left users' data at prolonged risk.
