[BreachExchange] Evite Confirms Data Breach After Hacker Sells User Data On Dark Web
Destry Winant
destry at riskbasedsecurity.com
Thu Jun 13 01:27:01 EDT 2019
https://www.ibtimes.com/evite-confirms-data-breach-after-hacker-sells-user-data-dark-web-2799936
The popular online e-inviations and social planning service Evite
confirmed falling victim to a data breach. The breach saw a hacker
called “Gnosticplayers” put Evite users' personal data up for sale on
the dark web.
According to ZDNet, the hacker also obtained data from five other
companies and put them all up for sale in April. The cybercriminal
reportedly hacked and stole data from firms such as Canva, 500px,
ShareThis, UnderArmor, GyfCat and more.
Gnosticplayers reportedly claimed to have obtained ten million Evite
user records, which included users' full names, IP addresses, email
addresses and cleartext passwords. ZDNet reported that in April, the
hacker Gnosticplayers demanded $1,900 worth of bitcoins for 10 million
Evite user records.
Evite confirmed that the breach occurred in February and involved
cybercriminals accessing a file that contained user records dating
back to 2013. The firm said that users' names, usernames, email
addresses, passwords, dates of birth, phone numbers and mailing
addresses could have been “potentially affected” by the breach.
SKIP AD
“Upon discovering the incident, we took steps to understand the nature
and scope of the issue, and brought in external forensic consultants
that specialize in cyber-attacks. We coordinated with law enforcement
regarding the incident, and are working with leading security experts
to address any vulnerabilities,” Evite said in a statement. “We
continue to monitor our systems for unauthorized access, have
introduced additional security measures, and will be prompting
affected Evite users to reset their Evite passwords on their next
log-in.”
Evite said that users' social security numbers and financial data was
not compromised by the breach since the firm does not collect or store
financial information. The firm said that it has sent emails notifying
users affected by the breach. The firm also cautioned users about
phishing emails, assuring them that the firm will not ask users to
click on links.
“Please note that the email from Evite does not ask you to click on
any links or contain attachments and does not request your personal
data. If the email you received about this issue prompts you to click
on a link, suggests you download an attachment, or asks you for
information, the email was not sent by Evite and may be an attempt to
steal your personal data. Avoid clicking on links or downloading
attachments from such suspicious emails,” Evite warned.
Evite is also urging its users to reset passwords, stay on alert for
suspicious activities, phishing attempts. However, it is still unclear
as to how Evite was hacked and how many users were affected by the
breach.
More information about the BreachExchange
mailing list