Occasions and ticketing program Peatix has cautioned users of follow-on cyber-attacks later acknowledging it endured a data breach earlier this month.
The company claimed to have been advised by a third party on November 9 that accounts information was”improperly obtained and got.
“It’s been verified that information, such as names, email addresses, salted and hashed version of passwords, nicknames, favorite languages, and states and time zones in which the accounts were made, about a number of our customers was included,” it noted.
Thankfully, since the company doesn’t store passwords in plain text or complete credit card information, the fallout in the violation ought to be rather included.
But, it’s still asking users to reset their passwords and cautioned possible follow-on credential password and stuffing spraying strikes, which suggests its encryption might be crackable.
“If your data was accessed by poor actors, they can use it to contact you (e.g. by sending you emails ) or to try to collect personal information from you by deception (called phishing attacks),” the note continued.
Paul Bischoff, the privacy advocate at Comparitech.com, contended that the amount of risk vulnerability for affected clients depends on details that have not been revealed by the business.
“Peatix hasn’t said what algorithm is used to rosemary and hash the passwords from the database, which might give us a much better indication as to if users’ passwords are in danger,” he clarified.
“I have seen lots of breaches of passwords which were hashed using deprecated algorithms like SHA1 or MD5 which may be deciphered with very little effort, therefore it’d be useful to understand what algorithm was used to reestablish those passwords”