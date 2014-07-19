Evite has put a FAQ up this weekend admitting to a data breach that took place starting in late February and reported by the press in April.

According to the company "On May 14, 2019, we concluded that an unauthorized party had acquired an inactive data storage file associated with our user accounts."

The company is emailing affected users and resetting passwords, but taking no other customer facing action.

Potentially affected information could include names, usernames, email addresses, passwords, and, if optionally provided to us, dates of birth, phone numbers, and mailing addresses.

According to Evite, the data file contains data circa 2013 and earlier (why inactive six year old customer information is retained is not clarified.)

Another article about the breach quotes Matan Or-El, CEO of Cyber Risk Management firm Panorays:

"Businesses that incorporate Evite into their marketing activities should be concerned about this breach," he said in an email. "Typically not considered a critical vendor, apps such as Evite are not usually monitored or assessed on their security posture. Yet as this breach demonstrates, these apps hold the data of employees as well as customers. A breach to the application propagates as a security risk to the company. Companies must ensure that they evaluate and continuously monitor the security posture of the suppliers they are working with to avoid taking a hit due to their supply chain."

Evite is hardly alone in this, other companies breached by the same attacker recently include Canva, 500px, UnderArmor, ShareThis, GfyCat, Ge.tt, MyHeritage, Mindjolt, Wanelo, Yanolja, Moda Operandi, iCracked and others.

Recent publicly disclosed breaches can be found on HaveIBeenPwned's RSS feed and you can check your various email addresses here if you want to see what breaches have disclosed it.