analyzing the chatbooks.com "we're hacked" statement
chatbooks.com's reaction to the hack. well, not much to say about this. the first thing that kind of amused me is the fact that they published their statement as image files. does someone want that not indexed?!
next thing is, they seem to have known about this leak since 5.5.2020 and tell us now!? i mean, that was 3 months ago. also, the leak was way before that. the researchers found out the breach had already occurred on march 26th 2020.
also, chatbooks.com claims “the stolen information appears to consist primarily of chatbooks login credentials, including name, email address and individually salted and hashed passwords. additionally, for a small portion of the affected records, some phone numbers, FacebookIDs and inactive social media access and merchant tokens were also stolen”
ok, it appears that only that massive chunk of information got stolen, maybe more, maybe not. chatbooks just has no idea, since they only just started working with a security company (will maybe name it later).
chatbooks.com claims the password is “not stored in plain text”, but they do not name any hashing algorithm or give anything more detailed.
CONCLUSION & FEEDBACK FOR THE STATEMENT
⛔ Announced too late.
⛔ Missing information.
⛔ Statement as image files.
INFOSEC RATING: 2/7