You have logged out

Log in

Create Account

Reset Password

Delete Account

Give Us Feedback

Report a Bug

Data Privacy Notice

Jobs

Partners

Press

Help

Terms & Conditions

Privacy Policy

Imprint

© 2019 Dubsmash, Inc. All rights reserved.

Notification of a Data Security Incident

On February 8, 2019 Dubsmash received information that user information was for sale on the internet. In response, we launched an investigation and engaged an incident response team that included privacy and cyber security counsel and a digital forensics team to provide assistance. We also reported this incident to law enforcement. Our investigation is ongoing.

The investigation identified a database containing stolen public usernames and encrypted passwords. While there is no indication of unauthorized access to the passwords, we encourage you to update or change them. In addition, we discourage users from sharing the same password/log-in for different websites. Some users also supplied additional private information that is believed to be present in the affected data: birthdates, phone numbers, email addresses, and country/language information.

In the event you provided your phone number to Dubsmash, we recommend that you take additional security precautions with your cellular provider to prevent your number being ported to another user and network. Many phone providers will provide a pin as added security to prevent porting.

Dubsmash takes the security of all user information very seriously and is taking steps to prevent a similar event from occurring in the future, including strengthening security measures and ensuring networks and systems are secure.

For further information and additional questions, please email us at support@dubsmash.com. Dubsmash has established an international* call center to answer questions about the incident and related concerns. The call center is available sixteen hours each day, seven days each week, excluding U.S. holidays. You can reach our call center by dialing:

U.S.: 1.800.961.4430

International: 001.616.425.8441

Please see additional information on the following page. We deeply regret any issue or concerns this incident may cause our users, and please don’t hesitate to get in touch if you have any questions.

The Dubsmash Team

*All users are welcome to use the toll free 1-800 number. However, there may be limitations for use outside the U.S. To minimize international calling charges, please call the International number provided and a representative would be glad to return your call.

Additional Information

Q: What happened?

A:

On February 8, 2019, Dubsmash was informed that personal information pertaining to some Dubsmash users was for sale on the internet. Dubsmash immediately reported the matter to law enforcement and involved cybersecurity experts to investigate the incident. Dubsmash also purchased the information on the internet to verify it was Dubsmash user information and to determine what information was involved. Upon confirming it involved Dubsmash user information, Dubsmash notified the public and the media as soon as possible.

Q: When did this happen?

A:

Dubsmash was informed of the incident on February 8, 2019, and immediately notified law enforcement and involved cybersecurity experts to investigate the incident. At this time, it is not known when the information was taken, and Dubsmash’s investigation is ongoing.

Q: How did the incident happen?

A:

This is part of an ongoing investigation.

Q: How did you discover the incident?

A:

On February 8, 2019, Dubsmash was informed that personal information pertaining to some Dubsmash users was for sale on the internet. Dubsmash immediately reported the matter to law enforcement and involved cybersecurity experts to investigate the incident. Dubsmash also purchased the information on the internet as part of its investigation to validate the information source and to determine what information was involved.

Q: What personal information was involved?

A:

While the precise information that was taken is unknown, we know it contained private and public information about some users. The public information may include first and last name and profile picture. The private personal information may include dates of birth, phone numbers, and device country- and language information, depending on the information provided by the user upon registration. The information may also include encrypted passwords, which means that the passwords cannot be viewed without a special access key. We nonetheless recommend that users change their Dubsmash passwords and avoid using the same password and log-in information for different websites. In addition, if you provided your phone number to Dubsmash, we recommend that you take additional security precautions with your cellular provider so prevent your number being ported to another user and network. Many phone providers will provide a pin as added security to prevent porting.

Q: Was the information encrypted or protected?

A:

Yes, the private information was protected on Dubsmash’s network. In addition, while Dubsmash passwords were among the information that was acquired, the passwords were encrypted, meaning that they cannot be viewed without a special access key which was not obtained in the theft. In response to this incident, Dubsmash has taken steps to strengthen the security of the personal information in its possession in an effort to prevent similar incidents from occurring in the future.

Q: Have the police or authorities been notified?

A:

Yes, Dubsmash has notified the Federal Bureau of Investigation of the incident. Dubsmash will fully cooperate with law enforcement in an attempt to hold the perpetrators accountable. In addition, Dubsmash has notified any required authorities in countries of affected users.

Q: How many people were involved in the incident?

A:

We have not confirmed how many users were potentially affected.

Q: How have you informed the people involved in the incident?

A:

Dubsmash has posted a public notice of the incident on its website. Dubsmash is also pushing a notification to the users via the mobile app with a link to the website to inform them of the incident. Dubsmash does not have physical address information for its users, so it is unable to physically mail letters to them. In addition, Dubsmash has provided information about this incident to the media.

Q: Why didn’t I get a letter telling me that my information was affected?

A:

Dubsmash does not have user addresses. Instead, it is notifying potentially affected users by posting information on its website and through the app platform.

Q: How did you respond to the incident?

A:

Upon discovering the incident, Dubsmash took immediate steps to ensure that its network was secure, and hired cybersecurity experts to investigate the incident. Dubsmash also reported the incident to the Federal Bureau of Investigation and any requires authorities in countries of affected user. Dubsmash has also taken steps to strengthen the security of personal information in its possession in an effort to prevent similar incidents from occurring in the future. Dubsmash has also notified the public and the media about the incident.

Q: Has anybody accessed my Dubsmash account as a result of this incident?

A:

There is no indication of unauthorized access to Dubsmash user accounts as a result of this incident.

Q: I saw online that someone purchased the Dubsmash data. Who purchased the information? Was my information purchased?

A:

You may have seen online media reports that the Dubsmash information was purchased on the internet. It was Dubsmash that purchased the information as part of its investigation to verify the data was in fact that of Dubsmash and to determine what, if any, personal information for Dubsmash users was involved.

Q: Was my information compromised or misused?

A:

There is no indication of unauthorized access to Dubsmash user accounts as a result of this incident. While Dubsmash passwords were among the information that was acquired, the passwords were encrypted, meaning that they could not be viewed without a special access key,which was not acquired.

Regardless, we recommend that Dubsmash users change their passwords, and that they update all passwords regularly. In general, we also recommend that users avoid using the same password and log-in information for different websites. In addition, for users who provided their phone number to Dubsmash, we recommend taking additional security precautions with your cellular provider to prevent your number from being ported to another user and network. Many phone providers will provide a personal access code as added security to prevent porting.

Q: What can I do to protect my personal information?

A:

We recommend that Dubsmash users change their passwords, and that they update all passwords regularly. We also recommend that users avoid using the same password and log-in information for different websites. In addition, for users who provided their phone number to Dubsmash, we recommend taking additional security precautions with your cellular provider to prevent your number from being ported to another user and network. Many phone providers will provide a personal access code as added security to prevent porting.

Q: Who should I contact if I have questions?

A:

You can email us at support@dubsmash.com. Dubsmash has established an international toll-free call center to answer questions about the incident and related concerns. The call center is available seven days a week, excluding U.S. holidays, during the following hours:

3:00 a.m. to 7:00 p.m. Pacific Standard Time

6:00 a.m. to 10:00 p.m. Eastern Standard Time,

12:00 p.m. to 4:00 a.m. Central European Time

You can reach our call center by dialing:

U.S.: 1.800.961.4430

International: 001.616.425.8441

Q: I am concerned about identity theft. What kind of credit or identity monitoring services can you offer me?

A:

Dubsmash is not offering monitoring services because, given the information involved in the incident, identity theft for monetary gain is unlikely. If you are concerned about misuse of your information, we recommend that you change your password, and that you update all passwords regularly. We also recommend that users avoid using the same password and log-in information for different websites. In addition, for users who provided their phone number to Dubsmash, we recommend taking additional security precautions with your cellular provider to prevent your number from being ported to another user and network. Many phone providers will provide a personal access code as added security to prevent porting.

Q: Is there anything I need to do to in response to the incident?

A:

We recommend that Dubsmash users change their passwords, and that they update all passwords regularly. We also recommend that users avoid using the same password and log-in information for different websites. In addition, for users who provided their phone number to Dubsmash, we recommend taking additional security precautions with your cellular provider to prevent your number from being ported to another user and network. Many phone providers will provide a personal access code as added security to prevent porting.