It has been reported that wine dealer Vinomofo is the latest Australian company to be targeted by a cyber-attack. At risk of exposure are the names, dates of birth, addresses, email addresses, phone numbers and genders of customers – Vinomofo has about 500,000 people on its books, but it’s not clear if all were exposed. Vinomofo said the risk to members was “low” because other information, such as passports, credit card details and driver’s licences, was not held by Vinomofo.
Vinomofo users should be on the lookout for phishing emails and text messages from scammers posing as Vinomofo or a related company. Never click on links or attachments in unsolicited messages. Thankfully, no payment or other sensitive information was stolen, so there’s no direct or immediate threat to customers’ money. The data was breached on a testing platform, according to the company, which to me sounds a lot like a security misconfiguration, although Vinomofo hasn’t said as much. Such incidents are not uncommon, wherein a test server loaded with real users’ data is made available on the public internet. Our studies show insecure data can be found and stolen within hours of exposure:
It seems as if we have all joined some evil “breach of the day” club these days, with one breach right after another. Vinomofo customers will want to be on guard against phishing expeditions that will use the data gleaned from this breach to attempt to gain even more personal and financial information. They will also want to keep an eye on their financial information and credit reports, staying alert for any new activity and for accounts that may have been opened in their names. Users should take advantage of credit monitoring services offered to customers by various financial institutions.