The Evite press release details the data security breach involving inactive data storage files. The social planning website and online invitation company succumbed to a data breach that occurred in April 2019.
ZD Net reports that a hacker named Gnosticplayers put a notice for the sale of the retrieved customer information. Based on the report released by ZD Net, Gnosticplayers claims to have ten million Evite user records. The compromised information includes full names, email addresses, passwords, and IP addresses.
Over the weekend, Evite reveals the hacking of the company website. Following this news, the social planning business published details about the incident. The FAQs page contains the website posting.
Despite encountering malicious activity on February 22, 2019, the company only became aware of the situation on April 15. ZD Net first reported the hacking incident in April, after reaching out to Evite. The company declined to issue a statement during that time.
Aside from Evite, other companies also encountered stolen information. According to International Business Times, Gnosticplayers also obtained data from Canva. Other victims include GyfCat, ShareThis, UnderArmor, and 500px.
Data obtained from the e-invitation site include personal information such as dates of birth, phone numbers, and mailing addresses. International Business Times states that the hacker demanded $1,900 worth of bitcoins for the 10 million mined information.
Company Statement and Plan of Action
Last weekend, the social planning site released a company statement. The announcement reads, “Upon discovering the incident, we took steps to understand the nature and scope of the issue.” The business is also reportedly “working with leading security experts to address any vulnerabilities.”
Following the hacking incident, Evite mentions that it has added safety and security measures into its system. It also continues to monitor its system for unauthorized activity.
Based on the official statement released by the site, Evite notified its users regarding the data breach. After the incident, it required customers to change their passwords and review their accounts. Users should refrain from clicking links and entering personal data when directed to another page.
ZD Net reports that social security numbers and financial information remain uncompromised in the incident. Evite clarifies that it does not collect social security numbers, with these details handled by a third-party provider.
Other Hacking Incidents
The Evite data privacy breach joins a few other breaches in the past week. These include the United States Customs and Border Protection breach and the Emuparadise incident, state the International Business Times.