Evite, a social planning and e-invitations service, and one of the biggest sites on the Internet, has finally admit the data breach. ZDNet reported this in April, a security breach that ZDNet first reported back in April.
Back in April, the data of 10 million Evite users was put up for sale on a dark web marketplace for ฿0.2419 (~$1,900) by a hacker named, Gnosticplayers. The same hacker has breached, stolen, and put up for sale the details of over one billion users from many other companies, including other major online services, such as Canva, 500px, UnderArmor, ShareThis, GfyCat, Ge.tt, and others.
When ZDNet contacted Evite, there was no response in April.
Back in April, the data of 10 million Evite users was put up for sale on a dark web marketplace for ฿0.2419 (~$1,900) by a hacker named, Gnosticplayers. The same hacker has breached, stolen, and put up for sale the details of over one billion users from many other companies, including other major online services, such as Canva, 500px, UnderArmor, ShareThis, GfyCat, Ge.tt, and others.
When ZDNet contacted Evite, there was no response in April.
Data Incident
Evite recently became aware of a data security incident involving an inactive data storage file associated with Evite user accounts. No user information more recent than 2013 was contained in the file. We explain the circumstances as we understand them below, along with the steps we are undertaking to address the situation.
If you have additional questions about the incident, we encourage you to call our dedicated call center to answer any questions you may have. The call center is open 8 am to 8 pm, Eastern Time, Monday to Friday (except for holidays), and 8:00 am to 8:00 pm, Eastern Time, on Saturday, June 8, and Sunday, June 9. The numbers are:
United States: (877) 221-7485
International: (503) 924-5427
We sincerely regret any inconvenience or concern caused by this incident. We are committed to protecting your information and maintaining your trust and confidence.
FAQs
-
What happened?We became aware of a data security incident involving potential unauthorized access to our systems in April 2019. We engaged one of the leading data security firms and launched a thorough investigation. The investigation potentially traced the incident to malicious activity starting on February 22, 2019. On May 14, 2019, we concluded that an unauthorized party had acquired an inactive data storage file associated with our user accounts.
-
What actions are you taking in response to this incident?Upon discovering the incident, we took steps to understand the nature and scope of the issue, and brought in external forensic consultants that specialize in cyber-attacks. We coordinated with law enforcement regarding the incident, and are working with leading security experts to address any vulnerabilities.
We continue to monitor our systems for unauthorized access, have introduced additional security measures, and have reset passwords for all affected users. If your password was reset you will be prompted to enter a new password on your next log-in. -
What data was involved? Potentially affected information could include names, usernames, email addresses, passwords, and, if optionally provided to us, dates of birth, phone numbers, and mailing addresses.
-
Were Social Security numbers affected by this incident?No, we do not collect Social Security Numbers from users of our site.
-
Was any financial or payment data affected?No. We do not store financial or payment information. If you opted to store your payment card in your account, your payment information is maintained by and stored on the internal systems of our third-party vendor.
-
Has the issue been resolved?While perfect security can never be assured, we have worked with an outside security expert to address the vulnerabilities and remediate the incident.
-
What is Evite doing to protect my information?Once we became aware of the incident, we quickly took steps to determine the nature and scope of the issue. We are working with a leading data security firm to assist in our investigation and remediation. We have also notified and are coordinating with law enforcement authorities.
We are taking steps to protect our users, including the following:We are notifying Evite users to provide information on how they can protect their data.
We will be requiring Evite users to change their passwords and urge users to do so immediately. Instructions about how to change your password are below.
We continue to monitor for suspicious activity and to coordinate with law enforcement activities.
We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.
-
I think I received an email about this issue. How do I know it is really from Evite?Emails regarding this issue were sent to users whose personal data was stored in the inactive data storage file that was acquired by the unauthorized party. Please note that the email from Evite does not ask you to click on any links or contain attachments and does not request your personal data. If the email you received about this issue prompts you to click on a link, suggests you download an attachment, or asks you for information, the email was not sent by Evite and may be an attempt to steal your personal data. Avoid clicking on links or downloading attachments from such suspicious emails.
-
What should I do to protect my information?We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information. We recommend you:
Change your password for any other account on which you used the same or similar information used for your Evite account.
Review your accounts for suspicious activity.
Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
Avoid clicking on links or downloading attachments from suspicious emails.
-
How do I change my password?You can change your password via the following methods:
If you are currently logged in, you can change the password for your account on the Update Password Page in your Account Settings.
If you've forgotten or misplaced your password, please go to the Reset Password link on our Login page and follow the prompts
These instructions can always be found on our "Account Inquiries" Help Page in our Help Center.
-
Where can I get more information?We have established a dedicated call center to answer any questions you may have. The call center is open 8 am to 8 pm, Eastern Time, Monday to Friday (except for holidays), and 8:00 am to 8:00 pm, Eastern Time, on Saturday, June 8, and Sunday, June 9. The numbers are:
United States: (877) 221-7485
International: (503) 924-5427
We sincerely regret any inconvenience or concern caused by this incident. We are committed to protecting your information and maintaining your trust and confidence.
Evite
No comments:
Post a Comment