Evite data breach leaks 100,985,047 accounts. Worse, the hacker posted the leaks for sale in the black market.
What happened? And why do you need to secure your data?
Evite Data Breach
In April 2019, Evite confirmed the data breach of its 2013 database. However, the breach data was way back in February 2019.
Also, they finished their investigations in May 2019. And they found out that the hackers accessed their inactive files.
Moreover, the data was posted on Dream Market, a dark web marketplace.
About the hacker
The hacker’s name is Gnosticplayers. He also hacked ShareThis and the other 15 websites. He released breach data in four rounds.
This one with Evite is included in the fifth round. It contains 65.5 million users data.
Moreover, this round included the following companies:
- Mindjolt, a gaming platform
- Wanelo, a digital mall
- Yanolja, a South Korean travel company
- Moda Operandi, a fashion store
- iCracked, an Apple repair store
In an email, Gnosticplayers put this data for sale for $4,350.
The leaked information
The data exposed included:
- 100,985,047 unique email addresses
- names
- phone numbers
- physical addresses
- birthdates
- genders
- passwords in plain text
But, Evite said that it did not include payment information. Also, it did not include social security numbers.
Their action
After their investigation, they hired forensic experts from other companies. So, they assisted them in tracing the hacker’s steps.
Furthermore, they contacted law enforcement about the data breach. They also continue to work with security experts.
Hence, they can improve their security.
Additionally, they continuously monitor their systems. Also, they applied more security practices.
Moreover, they reset the passwords of the affected users. They also advised everyone to change their passwords.
Also, they posted an announcement on their website. They alerted their users about the steps they can take. So, they can also protect their data.
What can you do
Evite said that they are doing their part in protecting your data. Aside from that, they advise users to:
- Review your accounts. Take note if there are unusual activities.
- Change your passwords. Also, if you used the same email or password to other sites, change them, too.
- Avoid clicking on links from doubtful emails.
How you can change your password
There are two ways to change your passwords.
- If you already logged in, you can change your password. First, go to the Account Settings. Then, click the Update Password Page.
- If you forgot your password, go to the Login Page. Then, click the Reset Password. After that, follow the prompts.
Good password practices
To make hacking difficult for hackers, you can do the following steps.
- Use different passwords for different accounts. Never reuse them.
- Install password managers. It makes storing passwords easier and safer. Also, it helps you create strong passwords. And you can automatically sign in when you have to.
- Make it a minimum of 8 to 12 characters.
- Use complex passwords. Use uppercase, lowercase, numbers, or symbols.
- Apply password encryption. It gives more protection to your password. Even if criminals steal it.
- Put on two-factor authentication. Thus, you need to confirm your identity first.