The social planning web service has been hit by a hacker. 10 Million Evite users login credentials are now up for sale on the dark web.
With the AMCA meltdown finally settling down, we can finally start reporting on other security incidences. A hacker known as GnosticPlayers has been claiming to have hacked online service Evite for a bit now. More recently, however, the service itself finally admitted that they were the victims of a data breach.
From ZDNet:
At the time, a hacker named Gnosticplayers put up for sale the customer data of six companies, including Evite.
The hacker claimed to be selling ten million Evite user records that included full names, email addresses, IP addresses, and cleartext passwords.
ZDNet reached out to notify Evite of the hack and that its data was being sold on the dark web on April 15; however, the company never returned our request for comment.
But over the weekend, Evite published a FAQ page on its website, admitting to the hack, and publishing more details about the incident.
The company said that following an investigation, it tracked the incident to “malicious activity starting on February 22, 2019.”
Evite said the malicious intruder stole “an inactive data storage file” that was holding information on some Evite user accounts. According to the company, the file — which appears to have been an old backup — didn’t store “user information more recent than 2013.”
The report goes on to say that Evite is encouraging users to reset their passwords even though the information is likely old. On the plus side, the data appears to be not financial related.
June has been quite an active month for leaks and breaches. The month started off with a bang when First American suffered from a data leak. In that incident, 885 million records were exposed. From there, Marriott’s parent company suffered a data leak. 85.4GB of security data was compromised.
From there, the U.S. Customs and Border Protection agency was hit with a data breach. It’s unclear how much data was compromised, but by some reports, the stolen information weighed in at “hundreds of gigabytes“. This was followed up by the comparatively small breach at EmuParadise. In that case, 1.1 million forum accounts were compromised.
From there, we learned of the AMCA data breach which ballooned to at least 20 million patients being compromised. That breach eventually led to the company filing for Chapter 11 bankruptcy.
This latest breach only adds to the carnage for the month at this point.
Drew Wilson on Twitter: @icecube85 and Facebook.