I received the email yesterday from Social Blade that their systems had been breached by a hacker.
What does this mean legally? How about for their partnerships?
I have my YouTube account connected to Social Blade, a helpful analytics and benchmarking tool popular among creators and widely used across the creator economy.
In short: A hacker posted the stolen data for sale to a hacking forum, after which Social Blade worked to confirm its accuracy. Once confirmed, Social Blade took action,figuring out the security vulnerability and patching it.
But what does this mean from a legal perspective?
The Social Blade Terms of Service are notably lacking when it comes to what should be included in a standard web platform ToS. There is one sentence regarding liability: “The channel owner also agrees that Social Blade is not liable for any damages to the YouTube channel.”
Beyond that, there’s nothing else. There are no clauses addressing indemnification, warranties, or disputes, arbitration, or litigation.
I would also point out that developer terms of service for most platforms, such as YouTube, require developers include specific terms in their ToS and Privacy Policies. Some of these seem to be missing from Social Blade’s legal and policy agreements. For example, see YouTube’s Develope API Terms which require developers follow the requirements.
There may be additional terms beyond those offered to users using the standard sign up flow. For example, strategic partners and creators may have a more robust and direct agreement in place that contains more legal terms.
But as it stands from what’s publicly showing on Social Blade, there’s room for improvement across their terms and policies to better protect themselves as a company, and provide more clarity for users.