Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday July 15 2019, @07:38AM   Printer-friendly
from the tap-the-link-to-RSVPwned-via-Evite dept.

Evite has put a FAQ up this weekend admitting to a data breach that took place starting in late February and reported by the press in April.

According to the company "On May 14, 2019, we concluded that an unauthorized party had acquired an inactive data storage file associated with our user accounts."

The company is emailing affected users and resetting passwords, but taking no other customer facing action.

Potentially affected information could include names, usernames, email addresses, passwords, and, if optionally provided to us, dates of birth, phone numbers, and mailing addresses.

According to Evite, the data file contains data circa 2013 and earlier (why inactive six year old customer information is retained is not clarified.)

Another article about the breach quotes Matan Or-El, CEO of Cyber Risk Management firm Panorays:

"Businesses that incorporate Evite into their marketing activities should be concerned about this breach," he said in an email. "Typically not considered a critical vendor, apps such as Evite are not usually monitored or assessed on their security posture. Yet as this breach demonstrates, these apps hold the data of employees as well as customers. A breach to the application propagates as a security risk to the company. Companies must ensure that they evaluate and continuously monitor the security posture of the suppliers they are working with to avoid taking a hit due to their supply chain."

Evite is hardly alone in this, other companies breached by the same attacker recently include Canva, 500px, UnderArmor, ShareThis, GfyCat, Ge.tt, MyHeritage, Mindjolt, Wanelo, Yanolja, Moda Operandi, iCracked and others.

Recent publicly disclosed breaches can be found on HaveIBeenPwned's RSS feed and you can check your various email addresses here if you want to see what breaches have disclosed it.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by nitehawk214 on Monday July 15 2019, @02:46PM

    by nitehawk214 (1304) on Monday July 15 2019, @02:46PM (#867196)

    I got a notification from HaveIBeenPwned on this, but I don't recall ever using the app. I think it does

    The breached data is listed as "Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses"

    So they probably have been collecting shadow profiles of people that other assholes were happy to type in.

    Remember, just because you don't use a social media platform doesn't mean your data is not being compromised by it.

    --
    "Don't you ever miss the days when you used to be nostalgic?" -Loiosh