{
	"id": "be06a119-6363-45df-8c90-123ede4e10e9",
	"created_at": "2026-04-06T00:06:26.668765Z",
	"updated_at": "2026-04-10T03:20:29.795911Z",
	"deleted_at": null,
	"sha1_hash": "390180ad59fefb79082a541be070d3cb1b312b70",
	"title": "Promo.com discloses data breach after 22M user records leaked online",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2656697,
	"plain_text": "Promo.com discloses data breach after 22M user records leaked\r\nonline\r\nBy Lawrence Abrams\r\nPublished: 2020-07-27 · Archived: 2026-04-05 17:06:35 UTC\r\nPromo.com, an Israeli-based marketing video creation site, has disclosed a data breach after a database containing 22 million\r\nuser records was leaked for free on a hacker forum.\r\nPromo is a web site that allows you to create promotional videos or ads that can then be shared on social networks such as\r\nFacebook, Instagram, Twitter, and LinkedIn.\r\nAccording to a report shared with BleepingComputer by cybersecurity intelligence firm CloudSEK, a well-known seller of data\r\nbreaches posted a database containing 22.1 million user records on a hacker forum.\r\nThis data contains users' email addresses, names, genders, geographic location, and for 2.6 million of the users, their hashed\r\npasswords.\r\nPromo database leak\r\nThis leak included 1.4 million cracked passwords, which means they were decrypted and could immediately be used by\r\nattackers to log in to the users' accounts or use the passwords in credential stuffing attacks at other sites.\r\nThis post was eventually taken down, but this past week another data breach seller released the database again on the same\r\nhacker forum.\r\nSample of the sold user database\r\nIt is not known if this database also contained the cracked passwords.\r\nPromo issues data breach notification\r\nAfter the public leaking of their database, Promo issued a data breach notification stating they became aware of a\r\nvulnerability on a third-party partner's service that affected their data.\r\n\"On July 21, 2020, our team became aware that a data 
security vulnerability on a 3rd party service had caused a breach\r\naffecting certain non-finance related Slidely and Promo user data. We immediately stopped all suspicious activity and\r\nlaunched an internal investigation to further learn about what happened,\" Promo's data breach notification states.\r\nPromo further stated that no financial information was exposed, but that a user's IP address, gender, email address, name, and\r\nhashed and salted passwords were disclosed.\r\n\"The exposed data includes first name, last name, email address, IP address, approximated user location based on the IP\r\naddress, gender, as well as encrypted, hashed and salted password to the Promo or Slidely account. Although your account\r\npassword was hashed and salted (a method used to secure passwords with a key), it’s possible that it was decoded,\" the data\r\nbreach notification continues.\r\nAs the salt for each user's password was also included in the database, it is much easier for threat actors to crack the\r\npasswords and see them in their plain text form.\r\nPromo also stated that \"Your Log in via your social media account was not affected,\" but one of the databases shared on the\r\nhacker forum included social network login tokens.\r\nIt is unknown if these tokens can be used to log in to your social network accounts, but it is advised to regenerate the tokens\r\nif possible.\r\nPromo is performing a mandatory reset on all affected accounts the next time they log into Promo.com.\r\nWhat Promo customers should do\r\nWhile the passwords leaked in this data breach were encrypted, threat actors have already started to decrypt them, and the\r\nrest can be decrypted over time.\r\nAfter a user's password is cracked, threat actors would be able to use it in credential stuffing attacks at other sites.\r\nDue to this, if you are a Promo customer, you 
should immediately change your password to one that is strong and unique.\r\nIf you use that same password at other sites, it is strongly advised that you change your password to a unique one at those\r\nsites as well.\r\nA password manager can make it much easier to use unique passwords at every site and is highly recommended.\r\nIf you are concerned that you were exposed in this breach, Have I Been Pwned has added the database to their site, and you\r\ncan use it to check if your record was included in the data breach.\r\nSource: https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/"
	],
	"report_names": [
		"promocom-discloses-data-breach-after-22m-user-records-leaked-online"
	],
	"threat_actors": [],
	"ts_created_at": 1775433986,
	"ts_updated_at": 1775791229,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/390180ad59fefb79082a541be070d3cb1b312b70.pdf",
		"text": "https://archive.orkl.eu/390180ad59fefb79082a541be070d3cb1b312b70.txt",
		"img": "https://archive.orkl.eu/390180ad59fefb79082a541be070d3cb1b312b70.jpg"
	}
}