ShareThis data breach


#1

The ShareThis service have announced they were subjected to a big data breach. Account details of over 40 million registered users were stolen and posted on the dark web, including names, birth dates, email addresses and passwords.

Oddly the data breach happened in July 2018, but ShareThis have only quietly sent a discrete email about the incident recently. You cannot find any information about the incident on their blog or social media accounts. I heard about it through Firefox Monitor this morning.

I’m only posting this here, because I know some RapidWeaver users have got ShareThis buttons in their websites and might not have seen the email ShareThis sent about the data breach. Evidently ShareThis are embarrassed by the incident and would rather we did not know about it!

If you have a ShareThis account, you should definitely update your account details. If you have a ShareThis account but not used it in a while, consider shutting it down. Tell your friends and colleagues to do the same.

Worth mentioning that you don’t really need to engage the services of a third party (like ShareThis) for displaying social media buttons on your websites. Lots of themes include Font Awesome icons for creating social media buttons. My SocialPopup and ShareStacks are both solid alternatives too.


#2

This is an excellent example of why we all should limit our use of external services to the absolute minimum. I know, in this era, it is becoming increasingly difficult to completely avoid such digital gangsters as Facebook or Google, but there are dozens of other companies, whose services are endangering their users’ privacy and who are perfectly avoidable.


#3

I use ShareThis on my Armadillo blog and don’t recall seeing a mail from them.
Sadly I can’t add stacks to an Armadillo blog page.

Strangley enough, I received a ransomeware mail this morning (The second such scam in three months).
Luckily I know which accounts have been hacked (but not via ShareThis!) and have changed my passwords.


#4

I completely agree. Hardly a week goes past when there isn’t a controversial incident effecting these services. Facebook and Twitter are really struggling to police their platforms. YouTube seems to lurch from one controversy to another, and each time it is the content creators that suffer the consequences with demonization, shadow banning and whatever else is the flavour of the month.

Me neither! I got an email from Mozilla, telling me that they had found my Gmail address within the stolen data. Thankfully I only use Gmail as my ‘junk redirection’ service, so it was no big deal for me. But it was in direct breach of GDPR for ShareThis not to have contacted all its customers about the data breach. Nor have they provided any information on their website.

Too bad. Hopefully it is something Jonathan might consider adding. Or we could try to code you a simple solution to replicate what ShareThis does. A bit of vanilla JavaScript and some Font Awesome icons.


#5

Maybe this is an alternative?

https://www.addtoany.com/buttons/for/website


#6

Tried this before and it only works for static pages, probably won’t work for Armadillo’s blog posts.

Trying to code my own dynamic share buttons, as my site has RW and a separate php script running one inventory page, will happily share the code if I get them to work :)


#7

Well, it works dynamically in Poster Stack: https://instacks.com/blog/?post=add-to-any-test


#8

Sorry thought there was something about it which didn’t work.

Maybe, if I read it right, because it calls an external resource script from addtoany.com I think I was worried about GDPR stuff and wanted all scripts etc. to originate internally from the site rather than making external calls.

Guessing I’m wrong in regard to how it works but think I’ll try the challenge of adapting my own as a learning experience (which will probably end up with me coming back and using this anyway lol).