What Happened
In July 2018, Animoto, a cloud-based video creation service, suffered a data breach when unauthorized queries were run against its user database on July 10, 2018, which the company discovered and immediately halted. The breach exposed approximately 22 million user accounts with over 25 million total records, including personal information such as email addresses, first and last names, dates of birth, countries of origin, geolocation data, gender, and salted and hashed passwords. The company confirmed the unauthorized access on August 6, 2018, and began notifying affected users on August 16, 2018. Payment card data was not compromised as it was stored in a separate system. In response, Animoto reset employee passwords, reduced employee access to critical systems, urged users to change their passwords, worked with third-party forensic experts to investigate the incident, reported it to law enforcement and the California Attorney General, and implemented enhanced network security measures to prevent future unauthorized access.
