[BreachExchange] Latin e-commerce giant Mercado Libre hacked

[Terrell Byrd]

https://www.zdnet.com/article/latin-e-commerce-giant-mercado-libre-gets-hacked/

Latin American e-commerce company Mercado Libre had its systems hacked in
an incident that exposed information related to 300,000 users of the
platform.

The NASDAQ-listed company disclosed the incident in an 8-K filing to the US
Securities and Exchange Commission, noting that part of its source code had
been subject to unauthorized access, exposing user data.

The report did not specify when the incident took place, but the firm said
it has activated its security protocols and is "conducting an exhaustive
analysis". The company did not provide details about where exactly in Latin
America the issue originated.

Present in most Latin countries, Mercado Libre is the region's largest
e-commerce and payments firm. The firm stressed that even though hundreds
of thousands of users had been exposed, out of its base of nearly 140
million unique active users -- which represents 0,2% of the total client
base -- critical data, including payment details, have not been accessed.

"According to our initial analysis, we have not found any evidence that our
infrastructure systems have been compromised or that any users' passwords,
account balances, investments, financial information or credit card
information were obtained", the company said in the SEC filing, adding that
it is taking "strict measures to prevent further incidents."

The Mercado Libre hack follows another major incident at Americanas.com.
Malicious actors targeted this major Brazilian e-commerce retailer on
February 19 in two attacks that rendered systems unavailable for days.
Without providing details, the company later released a statement to its
shareholders that it hadn't found any evidence that its databases were
compromised.

Cyberattacks have been on the rise in Latin America. According to an IBM
report on security threats, the region saw a 4% increase in cyberattacks in
2021 compared to the previous year. The research suggests that Brazil,
Mexico and Peru were the most attacked countries in the region last year.

As threats increase, investment in security is also on the rise: analyst
firm IDC estimates that overall security spending is expected to reach
nearly $1 billion in Brazil this year, an increase of 10% in relation to
2020. Of that total, spending on security solutions will reach $860
million, the analyst said, with cloud security becoming a key area of focus
for Brazilian IT decision-makers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220310/7db8522c/attachment.html>