Nov. 1, 2020 – More than 34 million users' data have been compromised across 17 companies worldwide. The latest data security breach involves a third-party database service provider serving several industries worldwide, including finance, e-commerce, entertainment, and information technology. Notable victims include RedMart and Eatigo.
The affected databases contained personally identifiable customer data, password hashes of varying strengths, and information linked to social media accounts. 1.1 million RedMart user accounts were reported to be stolen, while Eatigo is looking at a theft of 2.8 million user accounts’ data. Privasec has collated the statistics for the breach based on information gathered from online forums and incident reports filed to the Personal Data Protection Commission (PDPC).
In a statement, Eatigo said, "your existing eatigo account password is protected by encryption and hence safe." It is important to note that while password hashes (i.e. an encrypted version of the password) have been captured, this is still sufficient for attackers to reuse the hashes to gain access to the same accounts on other popular sites.
What affected users should do
In light of this situation and past incidents for which Privasec has provided expertise and advice, users should consider the following:
- Change login credentials for the compromised services above, as well as for other platforms where the same passwords might have been used. Add an extra layer of security such as 2-factor authentication (2FA) where available
- Be vigilant and on the lookout for suspicious activities in bank accounts associated with affected services or platforms, including possible phishing attempts
- Adopt best practices for online activities, such as not reusing passwords across different websites and platforms
- Actively ensure that additional security protocols are enabled across your profiles on the internet, starting with the critical ones like government services and applications holding credit card information
Privasec is an independent security, governance, risk, and compliance consulting firm driven by business outcomes, bridging the gaps between the technical and business worlds to create meaningful business cases and enhance decision making.
Over the last decade, Privasec's consultants have delivered a broad range of engagements across various industry sectors within Australia, particularly Government, Financial Services, Retail, IT, Health, Entertainment and Not-For-Profit.