Security Awareness Training Blog

    Evite Invites Over 100 Million People to Their Data Breach

    evite-logo

    Larry at Bleepingcomputer wrote: "The data breach monitoring service Haveibeenpwned.com has added a database dump of almost 101 million Evite users who had their information exposed when attackers gained unauthorized access to their servers.

    In May 2019, Evite posted a data incident notice that disclosed an unauthorized third-party had gained access to their servers starting on February 22, 2019 and were able to access member's personal data. No financial information or social security numbers, though, were part of the breach.

    "Potentially affected information could include names, usernames, email addresses, passwords, and, if optionally provided to us, dates of birth, phone numbers, and mailing addresses."

    At the time, it was thought that approximately 10 million users had their information exposed as an Evite database with that amount was being sold on an online underground marketplace by a person named "gnosticplayers". This same person was also involved in selling various large collections of data breaches.

    According to a database received by Have I Been Pwned, the amount of exposed users is allegedly much larger. HIBP states that the database they received consists of 100,985,047 unique Evite users, with the data exposed being the same as what was disclosed in the original breach notification.

    "In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also had names, phone numbers, physical addresses, dates of birth, genders and passwords stored in plain text exposed. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com"."

    Not known if being sold online

    The original leaked database was being sold on the online underground market named Dream Market. This site has since been shut down, so it is not currently known where or if this larger Evite database is being sold online as well.

    Due to the large amount of exposed users, anyone who has an Evite account is advised to change their password. Furthermore, if you use that same password at other sites, you should change it there as well to prevent them being used in credential stuffing attacks."

    https://www.bleepingcomputer.com/news/security/evite-invites-over-100-million-people-to-their-data-breach/

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Data Breach

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews