Los Angeles-based Vixlet‘s web site says, “Social networks of tomorrow Today. Bring it On.” So Chris Vickery, the white-hat researcher who uncovered the Systema Software breach, did. And what he found was that fans of Major League Baseball, ATP, and Slipknot had their personal details leaked.
“I downloaded over 377,000 user account details, Chris tells DataBreaches.net, including, “names, email addresses, password hashes, and dates of birth.” It was easy to do, Chris said, as no login was even required:
Chris e-mailed Vixlet Friday morning to alert them that their database appeared to be exposed. Within an hour, Vixlet called him to report that their engineers were working on addressing the problem he had uncovered. On Sunday morning, Chris verified that the data were no longer available.
Vixlet, whose LinkedIn profile claims 51-200 employees, develops and operates a social networking website. When fans participate on sites like MLB.com, they can login to the fan portion of the site through Vixlet or through MLB.com. For fans participating in the Slipknot community or the ATP World Tour site, their only login option is through Vixlet.
Vixlet, formerly known as Divide Nine LLC, incorporated in 2010.
DataBreaches.net e-mailed Vixlet yesterday to ask how the leak occurred, whether the firm had determined if the users’ directory had been accessed by anyone other than Vickery, and whether Vixlet intended to notify its corporate clients and/or users. This post will be updated if and when more information becomes available.