Ad posting website Gumtree has admitted to losing email addresses, names and phone numbers of some of its Australian customers, according to a report by The Register.
The firm fessed up to falling victim to a recent cyber-attack which led to unknown and unauthorized parties gaining access to some account details of Gumtree users.
In a statement posted on The Register’s website, Gumtree said that account passwords were not accessed and that they resolved the issue within minutes of discovering it. They were also quick to point out that it was an isolated incident which only impacted certain Australian Gumtree accounts.
“We’ve since taken extra steps to protect user information. The affected users, privacy regulators and the Australian Federal Police have been notified,” Gumtree said.
“Safety and security of our community remains our number one priority and we continue to educate our users about staying safe online and identifying potential scams or phishing attempts from fraudulent parties.”
However, this latest data breach will come as a concern to Australian Gumtree users, as the firm was also in the headlines recently for serving the world’s most capable exploit kit Angler to scores of its Aussie customers.
Speaking to Infosecurity, security researcher Troy Hunt said that this latest data breach acts as a reminder to us all that our online information is always at risk of future exposure.
“Data breaches have become a norm these days and one of the most important things we should be doing when we put information online is working on the assumption that it may one day be disclosed. That goes equally for contact information on a site like Gumtree as it does for our photos that might be backed up to iCloud.
“Sites like Gumtree that allow people to post information that is then visible to other people need to be particularly conscious of security given the risk of malicious input,” he added.
SOURCE: Michael Hill