Experts Insight On User Data Of Event Management App Peatix Hacked

Peatix sent an email to its users that their information has been improperly assessed or obtained. Peatix is an event organizing platform, currently ranked among the Alexa Top 3,500 most popular sites on the internet.

Experts Comments

November 25, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
While it's good news that none of Peatix's customers apparently had their credit card information accessed, I still strongly advise Peatix users to keep an eye on all of their financial accounts. Changing their password in a case like this should go without saying, but let's do that anyway. Also, users need to make sure they haven't reused their Peatix password on any other websites or accounts. Users also need to be alert for phishing attempts from bad actors posing as Peatix via email or.....Read More
While it's good news that none of Peatix's customers apparently had their credit card information accessed, I still strongly advise Peatix users to keep an eye on all of their financial accounts. Changing their password in a case like this should go without saying, but let's do that anyway. Also, users need to make sure they haven't reused their Peatix password on any other websites or accounts. Users also need to be alert for phishing attempts from bad actors posing as Peatix via email or text.  Read Less
November 24, 2020
Jake Moore
Cybersecurity Specialist
ESET
Sharing stolen data has become a quick way of making cash. We used to see this sort of information being sold on the dark web only, but more recently we have seen a shift to it being offered on the open web. Instagram stories are a quick way to open up to the masses in a short space of time and therefore increases the chances of a quick sale. If anyone has been affected by the breach it is vital that they follow the steps to build more protection on their accounts. Furthermore, if anyone spots .....Read More
Sharing stolen data has become a quick way of making cash. We used to see this sort of information being sold on the dark web only, but more recently we have seen a shift to it being offered on the open web. Instagram stories are a quick way to open up to the masses in a short space of time and therefore increases the chances of a quick sale. If anyone has been affected by the breach it is vital that they follow the steps to build more protection on their accounts. Furthermore, if anyone spots an account selling stolen data they must report the post and account to Instagram as soon as possible.  Read Less
November 25, 2020
Boris Cipot
Senior Sales Engineer
Synopsys
Usually, when we hear about hackers offering stolen data, this takes place over deep web forums or pages. In this case, however, we are also seeing the use of social media platforms such as Instagram and messaging apps like Telegram to promote stolen names, usernames, hashed passwords, and email addresses. Peatix has issued a notification on their webpage about the breach and is also contacting users to change their password on the platform to avoid possible account misuse. Users should,.....Read More
Usually, when we hear about hackers offering stolen data, this takes place over deep web forums or pages. In this case, however, we are also seeing the use of social media platforms such as Instagram and messaging apps like Telegram to promote stolen names, usernames, hashed passwords, and email addresses. Peatix has issued a notification on their webpage about the breach and is also contacting users to change their password on the platform to avoid possible account misuse. Users should, however, also change their passwords on other services where they have been reused. It is also critical that users are vigilant as their data may be used in phishing campaigns in an attempt to gather additional data or even gain access to their computer. As such, be wary of emails with attachments or links.  Read Less
November 25, 2020
Paul Bischoff
Privacy Advocate
Comparitech
Peatix has not stated what algorithm is used to hash and salt the passwords in the database, which would give us a better indication as to whether users' passwords are at risk. I've seen plenty of breaches of passwords that were hashed with deprecated algorithms such as SHA1 or MD5 that can be cracked with little effort, so it would be good to know what algorithm was used to encrypt those passwords. Peatix users should change their passwords on Peatix and any other accounts that share the same .....Read More
Peatix has not stated what algorithm is used to hash and salt the passwords in the database, which would give us a better indication as to whether users' passwords are at risk. I've seen plenty of breaches of passwords that were hashed with deprecated algorithms such as SHA1 or MD5 that can be cracked with little effort, so it would be good to know what algorithm was used to encrypt those passwords. Peatix users should change their passwords on Peatix and any other accounts that share the same password. Every account should use a unique password to prevent hackers from attempting credential stuffing attacks. Credential stuffing is an automated process that attempts logins on dozens of online accounts using known email and password combinations. Users should also be on the lookout for targeted phishing emails from scammers posing as Peatix or a related company. The personal details from the database can be used to personalize phishing messages and make them more convincing. Do not click on links or attachments in unsolicited emails and always verify the sender's identity before responding.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.