The m, the European online marketplace that lets users buy delivery, transport or removal services from a network of providers, has confirmed breach involving customers’ personal data. The Register also reported that the company wrote to customers mid-last week to inform them of a “breach of security resulting in the unauthorised access to data from our user database”. The data is question is:

  • Customers’ names;
  • Customers’ emails; and
  • Customers’ password hash.

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Cybersecurity Specialist
InfoSec Expert
January 19, 2021 3:49 pm

<p>Although such data stolen may sound trivial, a cryptographic hash of a password could still be reverse engineered back to its original state. Therefore, if a password has been used before, by you or anyone else for that matter, it could be reversed back into the password it was before it was encrypted. This, alongside a name and email, could be all it takes for threat actors to get into other accounts if people reuse their passwords across their online accounts. The ICO may state that if ‘a risk is unlikely’ to occur then it shouldn’t need to report it but this sort of wording makes it all the more of a danger to those who have been breached and companies must do what they can to better protect their customers’ data<i>.</i></p>

Last edited 1 year ago by Jake Moore
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x