Expert Comments

Experts Insight On User Data Of Event Management App Peatix Hacked

Expert(s):
Expert(s):

Peatix sent an email to its users that their information has been improperly assessed or obtained. Peatix is an event organizing platform, currently ranked among the Alexa Top 3,500 most popular sites on the internet.

Experts Comments

Dot Your Expert Comments
Chris Hauk
November 25, 2020
Consumer Privacy Champion
Pixel Privacy

Users also need to be alert for phishing attempts from bad actors posing as Peatix via email or text.
While it's good news that none of Peatix's customers apparently had their credit card information accessed, I still strongly advise Peatix users to keep an eye on all of their financial accounts. Changing their password in a case like this should go without saying, but let's do that anyway. Also, users need to make sure they haven't reused their Peatix password on any other websites or accounts. Users also need to be alert for phishing attempts from bad actors posing as Peatix via email or.....Read More
While it's good news that none of Peatix's customers apparently had their credit card information accessed, I still strongly advise Peatix users to keep an eye on all of their financial accounts. Changing their password in a case like this should go without saying, but let's do that anyway. Also, users need to make sure they haven't reused their Peatix password on any other websites or accounts. Users also need to be alert for phishing attempts from bad actors posing as Peatix via email or text.  Read Less
Jake Moore
November 24, 2020
Cybersecurity Specialist
ESET

If anyone has been affected by the breach it is vital that they follow the steps to build more protection on their accounts.
Sharing stolen data has become a quick way of making cash. We used to see this sort of information being sold on the dark web only, but more recently we have seen a shift to it being offered on the open web. Instagram stories are a quick way to open up to the masses in a short space of time and therefore increases the chances of a quick sale. If anyone has been affected by the breach it is vital that they follow the steps to build more protection on their accounts. Furthermore, if anyone spots .....Read More
Sharing stolen data has become a quick way of making cash. We used to see this sort of information being sold on the dark web only, but more recently we have seen a shift to it being offered on the open web. Instagram stories are a quick way to open up to the masses in a short space of time and therefore increases the chances of a quick sale. If anyone has been affected by the breach it is vital that they follow the steps to build more protection on their accounts. Furthermore, if anyone spots an account selling stolen data they must report the post and account to Instagram as soon as possible.  Read Less
Boris Cipot
November 25, 2020
Senior Sales Engineer
Synopsys

It is also critical that users are vigilant as their data may be used in phishing campaigns.
Usually, when we hear about hackers offering stolen data, this takes place over deep web forums or pages. In this case, however, we are also seeing the use of social media platforms such as Instagram and messaging apps like Telegram to promote stolen names, usernames, hashed passwords, and email addresses. Peatix has issued a notification on their webpage about the breach and is also contacting users to change their password on the platform to avoid possible account misuse. Users should,.....Read More
Usually, when we hear about hackers offering stolen data, this takes place over deep web forums or pages. In this case, however, we are also seeing the use of social media platforms such as Instagram and messaging apps like Telegram to promote stolen names, usernames, hashed passwords, and email addresses. Peatix has issued a notification on their webpage about the breach and is also contacting users to change their password on the platform to avoid possible account misuse. Users should, however, also change their passwords on other services where they have been reused. It is also critical that users are vigilant as their data may be used in phishing campaigns in an attempt to gather additional data or even gain access to their computer. As such, be wary of emails with attachments or links.  Read Less
Paul Bischoff
November 25, 2020
Privacy Advocate
Comparitech

Users should also be on the lookout for targeted phishing emails from scammers posing as Peatix or a related company.
Peatix has not stated what algorithm is used to hash and salt the passwords in the database, which would give us a better indication as to whether users' passwords are at risk. I've seen plenty of breaches of passwords that were hashed with deprecated algorithms such as SHA1 or MD5 that can be cracked with little effort, so it would be good to know what algorithm was used to encrypt those passwords. Peatix users should change their passwords on Peatix and any other accounts that share the same .....Read More
Peatix has not stated what algorithm is used to hash and salt the passwords in the database, which would give us a better indication as to whether users' passwords are at risk. I've seen plenty of breaches of passwords that were hashed with deprecated algorithms such as SHA1 or MD5 that can be cracked with little effort, so it would be good to know what algorithm was used to encrypt those passwords. Peatix users should change their passwords on Peatix and any other accounts that share the same password. Every account should use a unique password to prevent hackers from attempting credential stuffing attacks. Credential stuffing is an automated process that attempts logins on dozens of online accounts using known email and password combinations. Users should also be on the lookout for targeted phishing emails from scammers posing as Peatix or a related company. The personal details from the database can be used to personalize phishing messages and make them more convincing. Do not click on links or attachments in unsolicited emails and always verify the sender's identity before responding.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Experts Reaction On World Economic Forum 2021 Report Cites Cyber...

Major Security Flaws Found In Signal And other Video Chat...

Comment On IoT Risks Of Peloton Bike

70% of UK Finance Industry Hit With Cyber-Attacks In 2020

A Chinese Hacking Group Is Stealing Airline Passenger Details

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For...

NSA And Dutch NCSC Warn Outdated TLS Certs

Federal Agency Warns Cloud Attacks Are On The Rise –...

Experts Reaction On New Chrome Update To Boost Password Security

Experts Insight On Latest Flaw Within DNSpooq