Video creation service Animoto Inc. has revealed a possible data breach in what is either a case of them being hacked or unduly paranoid.

According to a notice sent recently to the State of California Department of Justice, Animoto said it first learned of suspicious activity on July 10 after receiving an alert of unusual activity on its system. That alert involved queries being run against a user database to which it then blocked access.

On Aug. 6, an outside cybersecurity company brought in to investigate the “suspicious activity” came to the conclusion that it may have resulted in the unauthorized acquisition of user data, including dates of birth, geolocation, hashed and salted passwords, usernames and user email addresses.

“While Animoto cannot confirm that data was removed from its systems or that any particular user information was affected, Animoto is advising its users about this incident out of an abundance of caution,” the company said.

Leaving some questions unanswered, Animoto added that “while the passwords were salted and hashed (a process that obscures the password), it is unknown whether the salt key was acquired,” suggesting that there’s a possibility that it may have been.

In addition to advising users of the possible data breach, Animoto said it’s also taking steps to assure that a similar data breach does not occur again in the future. Those steps include suggesting employees and users reset their passwords, reducing employees’ access to critical systems and reviewing its policies and procedures to better detect and prevent unauthorized access to user information in the future.

Zohar Alon, chief executive officer of Dome9 Security Inc., told SiliconANGLE that breaches in cloud environments are often the result of “misconfigurations and poor security hygiene.”

“With cloud attacks being increasingly automated, the timeframe to detect and respond is extremely brief,” he said. “Any door left open will be discovered and quickly used to exploit an organization’s valuable assets. Businesses need to monitor their threat landscape on a real-time basis and enforce security discipline.”

Rich Campagna, chief marketing officer at Bitglass Inc., expressed concern with location data being possibly stolen, because when it’s compromised, it can provide insight into users’ routines, making them vulnerable to a host of criminal activities.

“Obviously, this is incredibly dangerous,” he said. “While it is possible to secure the cloud-based systems that can house this data, it is the responsibility of companies to ensure appropriate configurations, deny unauthorized accesses, and protect sensitive data at rest. As hackers’ tactics for data exfiltration evolve, it is imperative for organizations to ensure that their cybersecurity platforms are automatically learning and adapting to combat new threats.”

Image: Animoto