[BreachExchange] CeX hack: Up to 2m customers potentially affected
Destry Winant
destry at riskbasedsecurity.com
Thu Aug 31 08:32:33 EDT 2017
http://uk.pcmag.com/cex/90937/news/cex-hack-up-to-2m-customers-potentially-affected
Second-hand games seller CeX has fallen victim to a security breach,
which may have exposed personal details of up to two million
customers.
CeX, formerly known as Computer Exchange, has directly contacted
customers about the hack, advising them to change their webuy.com
passwords and, if you do use the same password for any other service
(which you really shouldn't be doing), change those too.
In an email, CeX's managing director David Mullins revealed that a
breach in security allowed an 'unauthorised third party' access to
systems including personal information. In a 'small' number of cases,
this information is thought to include encrypted data from expired
credit or debit cards.
While CeX hasn't stored customer's card details since 2009, even
details gleaned from expired cards could be used to identify you, who
you bank or banked with and who your card issuer is or at least at one
point, was.
This FAQ page also states that personal information could include your
first name, surname, phone number(s) addresses and email addresses -
so it'd be a good idea to change your passwords here and keep an eye
out for some obvious (and not so obvious) phishing attempts in the
future.
Some good news is that if you've not already received an email from
CeX, then your account hasn't been compromised.
Mullins adds that "This was a sophisticated breach of security and we
are working closely with the relevant authorities to help establish
who was responsible. Our cyber security specialists have already put
in place additional advanced measures to fix the problem and prevent
this from happening again."
It remains to be seen how clever the attack was; TalkTalk described
the late 2015 hack as 'sophisticated', when in reality it was anything
but.
More details will be posted to the FAQ page as the company continues
to assess the damage.
More information about the BreachExchange
mailing list