Expert Comments

Experts Insight On User Data Of Event Management App Peatix Hacked

Expert(s):
Expert(s):

Peatix sent an email to its users that their information has been improperly assessed or obtained. Peatix is an event organizing platform, currently ranked among the Alexa Top 3,500 most popular sites on the internet.

Experts Comments

Dot Your Expert Comments
Chris Hauk
November 25, 2020
Consumer Privacy Champion
Pixel Privacy

Users also need to be alert for phishing attempts from bad actors posing as Peatix via email or text.
While it's good news that none of Peatix's customers apparently had their credit card information accessed, I still strongly advise Peatix users to keep an eye on all of their financial accounts. Changing their password in a case like this should go without saying, but let's do that anyway. Also, users need to make sure they haven't reused their Peatix password on any other websites or accounts. Users also need to be alert for phishing attempts from bad actors posing as Peatix via email or.....Read More
While it's good news that none of Peatix's customers apparently had their credit card information accessed, I still strongly advise Peatix users to keep an eye on all of their financial accounts. Changing their password in a case like this should go without saying, but let's do that anyway. Also, users need to make sure they haven't reused their Peatix password on any other websites or accounts. Users also need to be alert for phishing attempts from bad actors posing as Peatix via email or text.  Read Less
Jake Moore
November 24, 2020
Cybersecurity Specialist
ESET

If anyone has been affected by the breach it is vital that they follow the steps to build more protection on their accounts.
Sharing stolen data has become a quick way of making cash. We used to see this sort of information being sold on the dark web only, but more recently we have seen a shift to it being offered on the open web. Instagram stories are a quick way to open up to the masses in a short space of time and therefore increases the chances of a quick sale. If anyone has been affected by the breach it is vital that they follow the steps to build more protection on their accounts. Furthermore, if anyone spots .....Read More
Sharing stolen data has become a quick way of making cash. We used to see this sort of information being sold on the dark web only, but more recently we have seen a shift to it being offered on the open web. Instagram stories are a quick way to open up to the masses in a short space of time and therefore increases the chances of a quick sale. If anyone has been affected by the breach it is vital that they follow the steps to build more protection on their accounts. Furthermore, if anyone spots an account selling stolen data they must report the post and account to Instagram as soon as possible.  Read Less
Boris Cipot
November 25, 2020
Senior Sales Engineer
Synopsys

It is also critical that users are vigilant as their data may be used in phishing campaigns.
Usually, when we hear about hackers offering stolen data, this takes place over deep web forums or pages. In this case, however, we are also seeing the use of social media platforms such as Instagram and messaging apps like Telegram to promote stolen names, usernames, hashed passwords, and email addresses. Peatix has issued a notification on their webpage about the breach and is also contacting users to change their password on the platform to avoid possible account misuse. Users should,.....Read More
Usually, when we hear about hackers offering stolen data, this takes place over deep web forums or pages. In this case, however, we are also seeing the use of social media platforms such as Instagram and messaging apps like Telegram to promote stolen names, usernames, hashed passwords, and email addresses. Peatix has issued a notification on their webpage about the breach and is also contacting users to change their password on the platform to avoid possible account misuse. Users should, however, also change their passwords on other services where they have been reused. It is also critical that users are vigilant as their data may be used in phishing campaigns in an attempt to gather additional data or even gain access to their computer. As such, be wary of emails with attachments or links.  Read Less
Paul Bischoff
November 25, 2020
Privacy Advocate
Comparitech

Users should also be on the lookout for targeted phishing emails from scammers posing as Peatix or a related company.
Peatix has not stated what algorithm is used to hash and salt the passwords in the database, which would give us a better indication as to whether users' passwords are at risk. I've seen plenty of breaches of passwords that were hashed with deprecated algorithms such as SHA1 or MD5 that can be cracked with little effort, so it would be good to know what algorithm was used to encrypt those passwords. Peatix users should change their passwords on Peatix and any other accounts that share the same .....Read More
Peatix has not stated what algorithm is used to hash and salt the passwords in the database, which would give us a better indication as to whether users' passwords are at risk. I've seen plenty of breaches of passwords that were hashed with deprecated algorithms such as SHA1 or MD5 that can be cracked with little effort, so it would be good to know what algorithm was used to encrypt those passwords. Peatix users should change their passwords on Peatix and any other accounts that share the same password. Every account should use a unique password to prevent hackers from attempting credential stuffing attacks. Credential stuffing is an automated process that attempts logins on dozens of online accounts using known email and password combinations. Users should also be on the lookout for targeted phishing emails from scammers posing as Peatix or a related company. The personal details from the database can be used to personalize phishing messages and make them more convincing. Do not click on links or attachments in unsolicited emails and always verify the sender's identity before responding.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...

Experts On Google Voice Outage

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab...