1/2
⛔️📢I have released a statement regarding a security incident that we were notified about earlier this morning.
You can also read the full statement here: https://help.spoutible.com...
You can also read the full statement here: https://help.spoutible.com...
10:03 AM - Feb 04, 2024
2/2
Today at 1 PM EST, we will discuss this incident and address your concerns.
Join us here: https://spoutible.com/pod/...
Join us here: https://spoutible.com/pod/...
10:03 AM - Feb 04, 2024
In response to Christopher Bouzy.
For anyone who missed the email, the details, the update - https://www.troyhunt.com/h...
270K plus all this personal data seems like a LITTLE more than "some emails and a few phone numbers."
270K plus all this personal data seems like a LITTLE more than "some emails and a few phone numbers."
02:24 PM - Feb 06, 2024
In response to Christopher Bouzy.
I was able to change my password, but I noticed Spoutible doesn't send an email notifying the user of the p/w change. Nor does it expire active sessions (i.e. on my other laptop where I had been logged in, the p/w change didn't log me out)
Is there a plan to invalidate sessions just to be sure?
Is there a plan to invalidate sessions just to be sure?
06:06 PM - Feb 05, 2024
In response to Christopher Bouzy.
Christopher, as if you're not busy enough today, the 'password change and BTW, enable 2FA' revealed what I first thought was a cosmetic bug but in this case the cosmetics are pretty critical.
Bug report 6379 filed and also written about/demonstrated here:
https://spoutible.com/thre...
Bug report 6379 filed and also written about/demonstrated here:
https://spoutible.com/thre...
03:25 PM - Feb 05, 2024
In response to Christopher Bouzy.
Thank you for taking time out of your busy day to explain what happened. I always assume that my personal data is at risk regardless of SM sites. I mean credit report sites get hacked. I don't even need to be on internet for my information to be compromised. Thank you again for all you do.
03:00 PM - Feb 05, 2024
In response to Christopher Bouzy.
Wendy’s Credit Card Breach Across 300 Stores Caused by PoS Malware
https://www.trendmicro.com...
https://www.trendmicro.com...
01:27 PM - Feb 05, 2024
In response to Christopher Bouzy.
Mr. Bouzy, i’m trying to change my password but the system says my old one is wrong. It’s the only one i’ve had and i’ve been unable to continue. 🙏🏻❤️🐳❤️💙✊🏻
12:59 PM - Feb 05, 2024
In response to Christopher Bouzy.
heya @cbouzy I tried to do the 2 step authentication this morning... the QR code I got is corrupted
if yous want to talk to me abt this, let me know
may be time sensitive?
if yous want to talk to me abt this, let me know
may be time sensitive?
11:55 AM - Feb 05, 2024
In response to Christopher Bouzy.
Saw this from Troy's writeup and had to make an account. That disclosure report minimizes what was leaked so hard I'd call it actively deceptive. No, the passwords themselves weren't leaked, but when you include the actual unsalted hashes, 2FA seeds, and PW reset codes, is that really any better?
11:04 AM - Feb 05, 2024
In response to Apple Freak.
For the tech averse, this means that even without access to your email, anyone can reset your password and take over your account, even with 2FA enabled. And, even then, it'd be easy enough to decrypt your password from what was leaked and get your original password in plaintext.
That's abysmal.
That's abysmal.
11:13 AM - Feb 05, 2024
In response to Christopher Bouzy.
I received the email, but it did not say whether my own specific personal data was exposed. Was EVERYONE'S data exposed? Or did it happen to just some people, and will you be notifying us if we were specifically among those people? Thank you.
08:46 AM - Feb 05, 2024
In response to Greg Pak.
I didn't see an email until this morning's from haveibeenpwned
10:36 AM - Feb 05, 2024
In response to Christopher Bouzy.
I'm sorry but this isn't good enough. I received a flag from haveibeenpwned on my domain, then I came here and couldn't easily find anything without searching #spoutible and finding a random post that pointed me to this post - do better.
Have you notified an EU Data Protection Authority ?
Have you notified an EU Data Protection Authority ?
04:34 AM - Feb 05, 2024
In response to Kévin Costelloe.
You have 2 spouts, follow 1 and have 1 follower. How much are you actually invested in Spoutible?
08:18 AM - Feb 05, 2024
In response to Kévin Costelloe.
Yes, same here. Notification a week after the fact is not good enough.
10:39 AM - Feb 05, 2024
In response to Christopher Bouzy.
People should read Troy's write-up here https://www.troyhunt.com/h...
04:17 AM - Feb 05, 2024
(Edited)
In response to Mark Goodge.
@cbouzy , this link, from the person you referenced in the disclosure page, says a lot more info was disclosed. Is this accurate or is he providing incorrect information?
08:34 AM - Feb 05, 2024
In response to Christopher Bouzy.
This sounds like more than just emails and some numbers
03:24 AM - Feb 05, 2024
In response to Christopher Bouzy.
Your honesty and transparency generally but specifically re: Spoutible have been consistent since months before its launch. I know it is a big reason I and many others have such faith in Spoutible and you. Thank you.
02:06 AM - Feb 05, 2024
In response to Christopher Bouzy.
I didn't get an email, going to reset my password now. I use the website on Firefox on my laptop and on Silk on my Kindle.
06:53 PM - Feb 04, 2024
In response to Becky Helton.
I'd advise checking your Spam folder and perhaps whitelisting the Spoutible address if needed.
06:59 PM - Feb 04, 2024
In response to Christopher Bouzy.
@cbouzy
Thank you for your swift response and transparency.
I feel confident in the Spoutible team and your hands.
Password changed - Will do 2FA later in the day.
Onward and upward!
Thank you for your swift response and transparency.
I feel confident in the Spoutible team and your hands.
Password changed - Will do 2FA later in the day.
Onward and upward!
05:09 PM - Feb 04, 2024
In response to Christopher Bouzy.
Received the email. Don't know what I should do regarding my phone number. Should I change it. But its the only number I have. To get a new simcard, phone number......Same with my email.
02:49 PM - Feb 04, 2024
In response to Auntie D ?.
You may get some spam texts or e-mails but no need to change your phone number or e-mail address.
03:24 PM - Feb 04, 2024
In response to Christopher Bouzy.
Question for anyone: in trying to set up 2FA, I see that the authenticator apps Spoutible suggests are for phones. Is there a trusted one for desktops as well? I have a Mac. Or is there a built-in way to set it up without an app? Thanks!
#2FA #ResetYourPassword
#2FA #ResetYourPassword
12:33 PM - Feb 04, 2024
In response to Christopher Bouzy.
Chris, we love you & everyone at the Spoutible team.
12:21 PM - Feb 04, 2024
In response to Christopher Bouzy.
Good morning @cbouzy !
Would the breach or the recent update cause the platform to be slower? I am experiencing lag in opening the app, navigating from spot to spot, etc. i have closed and reopened, restarted device etc without improvement.
Would the breach or the recent update cause the platform to be slower? I am experiencing lag in opening the app, navigating from spot to spot, etc. i have closed and reopened, restarted device etc without improvement.
11:34 AM - Feb 04, 2024
In response to Christopher Bouzy.
Thank you for informing us; changed my password and reset 2 Factor Auth.
11:26 AM - Feb 04, 2024
In response to Christopher Bouzy.
Some people said they received an email about the data breach, but it seems like other people did not (the user who primarily runs the KHWiki account receives emails through her personal email). Is that a glitch or were emails only sent to those who directly affected by the data breach?
11:25 AM - Feb 04, 2024
In response to Kingdom Hearts Wiki.
I didn’t see one come in. But when I did a search for Spoutible in my emails, it was there.
04:02 AM - Feb 05, 2024
In response to Christopher Bouzy.
I just saw this in my email. As always, I appreciate the transparency.
11:14 AM - Feb 04, 2024
In response to Christopher Bouzy.
Consider all the breaches, security incidents, & damage to people & institutions caused by other social media networks, and how afterwards the CEOs deny, distract & dissemble. But on Spoutible we get honesty & integrity: "As the CEO of Spoutible, I accept full responsibility for this incident."
11:13 AM - Feb 04, 2024
In response to Christopher Bouzy.
Thank you for the heads-up. Data breaches are going to happen, and God knows how many times users had to find out through the news outlets rather the companies themselves. You were prompt in addressing the issue, informing us, and taking responsibility - a rarity in this day and age. Thanks again.
11:10 AM - Feb 04, 2024
(Edited)
In response to Christopher Bouzy.
Thank you for being so transparent about the incident. This upfront honesty, on all matters, as the default mode is a huge part of what makes Spoutible such an incredible platform!
11:07 AM - Feb 04, 2024
In response to Christopher Bouzy.
I appreciate your swift response and transparency. 👏🏼
11:06 AM - Feb 04, 2024
