The m, the European online marketplace that lets users buy delivery, transport or removal services from a network of providers, has confirmed breach involving customers’ personal data. The Register also reported that the company wrote to customers mid-last week to inform them of a “breach of security resulting in the unauthorised access to data from our user database”. The data is question is:

  • Customers’ names;
  • Customers’ emails; and
  • Customers’ password hash.

Experts Comments

January 19, 2021
Jake Moore
Cybersecurity Specialist
ESET

Although such data stolen may sound trivial, a cryptographic hash of a password could still be reverse engineered back to its original state. Therefore, if a password has been used before, by you or anyone else for that matter, it could be reversed back into the password it was before it was encrypted. This, alongside a name and email, could be all it takes for threat actors to get into other accounts if people reuse their passwords across their online accounts. The ICO may state that if ‘a

.....Read More

Although such data stolen may sound trivial, a cryptographic hash of a password could still be reverse engineered back to its original state. Therefore, if a password has been used before, by you or anyone else for that matter, it could be reversed back into the password it was before it was encrypted. This, alongside a name and email, could be all it takes for threat actors to get into other accounts if people reuse their passwords across their online accounts. The ICO may state that if ‘a risk is unlikely’ to occur then it shouldn’t need to report it but this sort of wording makes it all the more of a danger to those who have been breached and companies must do what they can to better protect their customers’ data.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.