Thirteen Million deviantART Accounts Exposed

Friday, December 17, 2010



Thirteen million deviantART accounts have been breached by hackers revealing usernames, birth dates and email addresses.

deviantART is the largest social network dedicated to artists and art aficionados.

The breach follows on the heels of the Gawker breach, which exposed the usernames and passwords for 1.3 million accounts.

The exposure was reported to be due to security lapses at Silverpop System Inc., a marketing company that handles member communications for deviantART.

The companies stated that no passwords were accessed in the breach, and that the biggest threat will be an influx of SPAM for the unfortunate account holders exposed.

deviantART issued a statement to

"While we're not at liberty to provide any additional details due to the ongoing investigation, we do want to clarify a few inaccuracies: 1) Not all of our members were impacted. The ones who were received an email from the company. 2) We explicitly stated that it was Silverpop's servers that were breached - not deviantART's. None of our servers or other systems were compromised."

Though the breach is many times larger than that of Gawker, the impact is expected to be a great deal less.

Gawker's breach included passwords, many of which were from using other social media accounts and used to authenticate and login to the Gawker site, the usernames and passwords could be used to access other user held accounts.

These breaches highlight two important security concerns, the being third-party security and liability issues, and the second is the using the login credentials of one network to access others.

It is becoming quite common for websites to allow authentication using Twitter, Facebook, Google and other credentials to sign in - if one network is compromised, users run the risk of exposing their other networks as well.

Once a network is illegally accessed by a criminal network, it can be used to send mass Spam messages to the user's contacts, for social engineering exploits, or to gather information used to commit identity theft.

It is recommended that strong, unique passwords be employed for each and every account that requires a login credential.


Possibly Related Articles:
Email breaches Authentication Headlines Third Party Hacker deviantART
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.