Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday July 15 2019, @07:38AM   Printer-friendly
from the tap-the-link-to-RSVPwned-via-Evite dept.

Evite has put a FAQ up this weekend admitting to a data breach that took place starting in late February and reported by the press in April.

According to the company "On May 14, 2019, we concluded that an unauthorized party had acquired an inactive data storage file associated with our user accounts."

The company is emailing affected users and resetting passwords, but taking no other customer facing action.

Potentially affected information could include names, usernames, email addresses, passwords, and, if optionally provided to us, dates of birth, phone numbers, and mailing addresses.

According to Evite, the data file contains data circa 2013 and earlier (why inactive six year old customer information is retained is not clarified.)

Another article about the breach quotes Matan Or-El, CEO of Cyber Risk Management firm Panorays:

"Businesses that incorporate Evite into their marketing activities should be concerned about this breach," he said in an email. "Typically not considered a critical vendor, apps such as Evite are not usually monitored or assessed on their security posture. Yet as this breach demonstrates, these apps hold the data of employees as well as customers. A breach to the application propagates as a security risk to the company. Companies must ensure that they evaluate and continuously monitor the security posture of the suppliers they are working with to avoid taking a hit due to their supply chain."

Evite is hardly alone in this, other companies breached by the same attacker recently include Canva, 500px, UnderArmor, ShareThis, GfyCat, Ge.tt, MyHeritage, Mindjolt, Wanelo, Yanolja, Moda Operandi, iCracked and others.

Recent publicly disclosed breaches can be found on HaveIBeenPwned's RSS feed and you can check your various email addresses here if you want to see what breaches have disclosed it.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday July 15 2019, @05:38PM

    by Anonymous Coward on Monday July 15 2019, @05:38PM (#867257)

    Pretty sure that Evite is used by my college alumni/ae association to register people for events. If so, they've got my name & email, but I don't remember giving them a credit card number for the one or two events that required a small payment--pretty sure I paid at the time I got to the event.*

    * Completely off topic: One event was pretty cool, a tour of the stacks of our local science museum--all the rest of the collection that isn't out on display. For that we did pay a normal museum admission and one of the lead curators was our docent. C.1920 they were given the elephant tusk collection of some great white hunter(s), but of course they don't dare put those out on display anymore. In the taxidermy collection there was a passenger pigeon (now extinct) and a number of odd looking house cat sized felines...which were actually stuffed lion & tiger cubs that had died in infancy.