Christopher Bouzy
A
thread 1/2
⛔️📢I have released a statement regarding a security incident that we were notified about earlier this morning.

You can also read the full statement here: https://help.spoutible.com...
10:03 AM - Feb 04, 2024
0
92
309
Christopher Bouzy
A
thread 2/2
Today at 1 PM EST, we will discuss this incident and address your concerns.

Join us here: https://spoutible.com/pod/...
10:03 AM - Feb 04, 2024
6
89
Holly Jahangiri
A
In response to Christopher Bouzy.
For anyone who missed the email, the details, the update - https://www.troyhunt.com/h...

270K plus all this personal data seems like a LITTLE more than "some emails and a few phone numbers."
02:24 PM - Feb 06, 2024
0
0
Dan Nguyen
A
In response to Christopher Bouzy.
I was able to change my password, but I noticed Spoutible doesn't send an email notifying the user of the p/w change. Nor does it expire active sessions (i.e. on my other laptop where I had been logged in, the p/w change didn't log me out)

Is there a plan to invalidate sessions just to be sure?
06:06 PM - Feb 05, 2024
0
2
Susan A. Kitchens
A
In response to Christopher Bouzy.
Christopher, as if you're not busy enough today, the 'password change and BTW, enable 2FA' revealed what I first thought was a cosmetic bug but in this case the cosmetics are pretty critical.

Bug report 6379 filed and also written about/demonstrated here:

https://spoutible.com/thre...
03:25 PM - Feb 05, 2024
0
2
Harmony
A
In response to Christopher Bouzy.
Thank you for taking time out of your busy day to explain what happened. I always assume that my personal data is at risk regardless of SM sites. I mean credit report sites get hacked. I don't even need to be on internet for my information to be compromised. Thank you again for all you do.
03:00 PM - Feb 05, 2024
0
2
Dan Nguyen
A
In response to Christopher Bouzy.
What does “some cell phone numbers” mean?
02:12 PM - Feb 05, 2024
0
0
Fireblazes ✔️
A
In response to Christopher Bouzy.
Wendy’s Credit Card Breach Across 300 Stores Caused by PoS Malware
https://www.trendmicro.com...
01:27 PM - Feb 05, 2024
0
1
Arthur Grupp
A
In response to Christopher Bouzy.
Mr. Bouzy, I’m trying to change my password but the system says my old one is wrong. It’s the only one I’ve had and I’ve been unable to continue. 🙏🏻❤️🐳❤️💙✊
12:59 PM - Feb 05, 2024
0
0
ALIS ITLATOL
A
In response to Christopher Bouzy.
heya @cbouzy I tried to do the 2 step authentication this morning... the QR code I got is corrupted

if yous want to talk to me abt this, let me know
may be time sensitive?
11:55 AM - Feb 05, 2024
0
0
Apple Freak
A
In response to Christopher Bouzy.
Saw this from Troy's writeup and had to make an account. That disclosure report minimizes what was leaked so hard I'd call it actively deceptive. No, the passwords themselves weren't leaked, but when you include the actual unsalted hashes, 2FA seeds, and PW reset codes, is that really any better?
11:04 AM - Feb 05, 2024
1
1
Apple Freak
A
In response to Apple Freak.
For the tech averse, this means that even without access to your email, anyone can reset your password and take over your account, even with 2FA enabled. And, even then, it'd be easy enough to decrypt your password from what was leaked and get your original password in plaintext.

That's abysmal.
11:13 AM - Feb 05, 2024
0
3
Greg Pak
A
In response to Christopher Bouzy.
I received the email, but it did not say whether my own specific personal data was exposed. Was EVERYONE'S data exposed? Or did it happen to just some people, and will you be notifying us if we were specifically among those people? Thank you.
08:46 AM - Feb 05, 2024
0
1
Holly Jahangiri
A
In response to Greg Pak.
I didn't see an email until this morning's from haveibeenpwned
10:36 AM - Feb 05, 2024
0
2
Kévin Costelloe
A
In response to Christopher Bouzy.
I'm sorry but this isn't good enough. I received a flag from haveibeenpwned on my domain, then I came here and couldn't easily find anything without searching #spoutible and finding a random post that pointed me to this post - do better.

Have you notified an EU Data Protection Authority?
04:34 AM - Feb 05, 2024
2
1
Bren
A
In response to Kévin Costelloe.
You have 2 spouts, follow 1 and have 1 follower. How much are you actually invested in Spoutible?
08:18 AM - Feb 05, 2024
2
2
Holly Jahangiri
A
In response to Kévin Costelloe.
Yes, same here. Notification a week after the fact is not good enough.
10:39 AM - Feb 05, 2024
1
1
Mark Goodge
A
In response to Christopher Bouzy.
People should read Troy's write-up here https://www.troyhunt.com/h...
04:17 AM - Feb 05, 2024 (Edited)
1
1
🤘 Raymond M. Black 🤘 🐉
A
In response to Mark Goodge.
@cbouzy, this link, from the person you referenced in the disclosure page, says a lot more info was disclosed. Is this accurate or is he providing incorrect information?
08:34 AM - Feb 05, 2024
0
0
Jonathan Wittstock
A
In response to Christopher Bouzy.
This sounds like more than just emails and some numbers
03:24 AM - Feb 05, 2024
0
4
Robert Short
A
In response to Christopher Bouzy.
Your honesty and transparency generally but specifically re: Spoutible have been consistent since months before its launch. I know it is a big reason I and many others have such faith in Spoutible and you. Thank you.
02:06 AM - Feb 05, 2024
0
2
Becky Helton
A
In response to Christopher Bouzy.
I didn't get an email, going to reset my password now. I use the website on Firefox on my laptop and on Silk on my Kindle.
06:53 PM - Feb 04, 2024
1
3
R o K p h i s h
A
In response to Becky Helton.
I'd advise checking your Spam folder and perhaps whitelisting the Spoutible address if needed.
06:59 PM - Feb 04, 2024
1
2
Blissful Way
A
In response to Christopher Bouzy.
@cbouzy
Thank you for your swift response and transparency.
I feel confident in the Spoutible team and your hands.
Password changed - Will do 2FA later in the day.
Onward and upward!
05:09 PM - Feb 04, 2024
0
5
Thomas Liljeruhm
A
In response to Christopher Bouzy.
💙🐳
04:44 PM - Feb 04, 2024
0
12
Auntie D ?
A
In response to Christopher Bouzy.
Received the email. Don't know what I should do regarding my phone number. Should I change it? But it's the only number I have. To get a new SIM card, phone number... Same with my email.
02:49 PM - Feb 04, 2024
1
1
Ethical Atheist
A
In response to Auntie D ?.
You may get some spam texts or e-mails but no need to change your phone number or e-mail address.
03:24 PM - Feb 04, 2024
0
5
ecsbrooklyn
A
In response to Christopher Bouzy.
Question for anyone: in trying to set up 2FA, I see that the authenticator apps Spoutible suggests are for phones. Is there a trusted one for desktops as well? I have a Mac. Or is there a built-in way to set it up without an app? Thanks!
#2FA #ResetYourPassword
12:33 PM - Feb 04, 2024
0
3
Anne King
A
In response to Christopher Bouzy.
Chris, we love you & everyone at the Spoutible team.
12:21 PM - Feb 04, 2024
0
1
Mac Chambliss
A
In response to Christopher Bouzy.
Thanks for the transparency
12:00 PM - Feb 04, 2024
0
4
Craig Tyler
A
In response to Christopher Bouzy.
Thank you for caring so much about us.
11:44 AM - Feb 04, 2024
0
1
Debbie Lu
A
In response to Christopher Bouzy.
Good morning @cbouzy!

Would the breach or the recent update cause the platform to be slower? I am experiencing lag in opening the app, navigating from spot to spot, etc. I have closed and reopened, restarted device, etc. without improvement.
11:34 AM - Feb 04, 2024
2
2
Haruka
A
In response to Debbie Lu.
It’s happening to my wife and I, too.
12:52 PM - Feb 04, 2024
0
1
LilTaiz
A
In response to Debbie Lu.
It’s happening on my iPad but not my iPhone.
12:55 PM - Feb 04, 2024
0
1
Eve
A
In response to Christopher Bouzy.
Thank you for informing us; changed my password and reset 2 Factor Auth.
11:26 AM - Feb 04, 2024
0
2
Kingdom Hearts Wiki
A
In response to Christopher Bouzy.
Some people said they received an email about the data breach, but it seems like other people did not (the user who primarily runs the KHWiki account receives emails through her personal email). Is that a glitch or were emails only sent to those who were directly affected by the data breach?
11:25 AM - Feb 04, 2024
1
4
L Geisenest
A
In response to Kingdom Hearts Wiki.
I didn’t see one come in. But when I did a search for Spoutible in my emails, it was there.
04:02 AM - Feb 05, 2024
0
0
Shai
A
In response to Christopher Bouzy.
I just saw this in my email. As always, I appreciate the transparency.
11:14 AM - Feb 04, 2024
0
0
Jonathan Meyers
A
In response to Christopher Bouzy.
Consider all the breaches, security incidents, & damage to people & institutions caused by other social media networks, and how afterwards the CEOs deny, distract & dissemble. But on Spoutible we get honesty & integrity: "As the CEO of Spoutible, I accept full responsibility for this incident."
11:13 AM - Feb 04, 2024
0
21
Kingdom Hearts Wiki
A
In response to Christopher Bouzy.
Thank you for the heads-up. Data breaches are going to happen, and God knows how many times users had to find out through the news outlets rather than the companies themselves. You were prompt in addressing the issue, informing us, and taking responsibility - a rarity in this day and age. Thanks again.
11:10 AM - Feb 04, 2024 (Edited)
0
12
Mynxie
A
In response to Christopher Bouzy.
Thank you for being so transparent about the incident. This upfront honesty, on all matters, as the default mode is a huge part of what makes Spoutible such an incredible platform!
11:07 AM - Feb 04, 2024
0
8
Jamie Daniel
B
In response to Christopher Bouzy.
I appreciate your swift response and transparency. 👏🏼
11:06 AM - Feb 04, 2024
0
3