ClickASnap 2022 Data Breach: What Happened and What Was Exposed?

In September 2022, ClickASnap, a popular image-sharing platform, suffered a significant data breach that directly impacted its user base. Attackers were able to compromise the site by gaining access to its Amazon RDS credentials, ultimately exposing more than 3.8 million user records in the process. The leak included a wide range of personal information such as full names, email addresses, physical and mailing addresses, social media profiles, birthdates, IP addresses, company affiliations, and even order details. Passwords were included as SHA512 hashes for general users, while forum passwords were stored more securely using Bcrypt. In addition to the data theft, attackers also defaced the ClickASnap website. Many users of the platform, which allows photographers to share and even monetize their images, were understandably concerned about the large scope of this incident and the sensitivity of the details involved.

How Did the ClickASnap Breach Happen?

The breach originated when attackers obtained Amazon RDS database credentials used by ClickASnap. With access to the back-end, cybercriminals were able to extract user data housed on the platform and tamper with the website itself. This technical compromise opened the door to a large-scale exposure covering millions of accounts.

What User Data Was Exposed?

The stolen information spanned numerous personal and account-related fields. Compromised data included:

• Email addresses and usernames
• Full names, first and last names
• Social media profile links
• Physical addresses (street, city, state, country, ZIP)
• Order information and company details
• Hashed account passwords (SHA512 for most, Bcrypt for forum users)
• IP addresses
• Dates of birth

Such a range of details increases the sensitivity of the breach as attackers could potentially piece together user identities from multiple angles.

How Many ClickASnap Users Were Affected?

The breach impacted 3,880,261 records, representing a significant portion of the site's user base. Anyone with an account around the time of September 2022 might have had their data included in the exposed database. This makes it one of the major data incidents in the realm of image-sharing services.

Timeline of the ClickASnap Breach

• September 2022: Attackers gained unauthorized access to Amazon RDS credentials and extracted backend data.
• Website defacement occurred, alerting users and staff that something was wrong.
• User information, including sensitive fields, was subsequently leaked.

Frequently Asked Questions

What happened in the ClickASnap breach?

In September 2022, ClickASnap suffered a data breach after attackers accessed their Amazon RDS credentials. Over 3.8 million user records were exposed, and the website was defaced.

How many users were affected by the ClickASnap data breach?

The breach affected 3,880,261 ClickASnap accounts, resulting in the leak of extensive personal and account-related data.

What data was leaked in the ClickASnap breach?

The breach exposed email addresses, full names, usernames, physical addresses, social profiles, order info, company details, hashed passwords, IP addresses, and birthdates.

Who was behind the ClickASnap breach?

The specific identity of the attackers has not been publicly confirmed, but they accessed the platform using compromised Amazon RDS credentials.

How can I check if I'm in the ClickASnap breach?

You can check if your information was part of the ClickASnap breach by utilizing the DeHashed search engine.