The ScreenBlaze Breach Gave Hackers 252K Ready-to-Use Passwords

HEROIC analysts flagged the ScreenBlaze breach after detecting it in a batch of credential files being traded on a breach aggregation forum. The breach occured in October 2017 and exposed 252,683 user records from ScreenBlaze, a U.S.-based automated marketing and advertising platform. The data included email addresses and plaintext passwords, meaning ScreenBlaze stored user passwords with no encryption at all. This is one of the most serious security failures a platform can make, and the consequences for affected users continue today because this data keeps circulating in criminal marketplaces.

The ScreenBlaze Breach Gave Hackers Instant Access to Every Account

Plaintext passwords require no cracking. As soon as an attacker downloads this dataset, they have a ready-to-use list of email and password pairs. Automated tools can then test these combinations across hundreds of other websites in a matter of hours. Email inboxes, social media accounts, online banking, and shopping platforms are all accessable using the same credentials people recycled from their ScreenBlaze account. This is a direct path to account takeover and financial fraud with almost no effort required from the attacker.

What Was Exposed in the ScreenBlaze Breach

• Email Address
• Plaintext Password

Why Advertising Platform Breaches Reach Far Beyond One Site

Marketing and advertising platform users often include small business owners, freelancers, and agency staff who manage multiple client accounts. A compromised email and password from ScreenBlaze could give attackers access to connected ad accounts, payment methods, and business email. Credential stuffing using this data has been shown to lead to financial fraud, unauthorized advertising charges, and identity theft at a beleived scale larger than the raw record count suggests, since business accounts often contain payment information.

How Database Breaches Work

A database breach happens when an attacker breaks into the systems where a website stores its user data. Sometimes this is done through software vulnerabilities, sometimes through stolen administrator credentials, and sometimes through poorly secured servers. Once inside, the attacker copies the database and takes it offline. In ScreenBlaze's case, the failure to hash or encrypt passwords meant the stolen data was immediately useful without any additional work.

Check If Your Data Was Exposed

HEROIC offers a free breach scanner that searches more than 400 billion compromised records, including data from the ScreenBlaze breach. Enter your email address to see whether your credentials were part of this incident. If you have ever used ScreenBlaze or shared the same password across other platforms, running this check should be your first step today.