A recently announced Evite data breach has some alarming potential outcomes. The internet-driven invitation platform allowed people to sign up for events and virtual meetups, so the very nature of the website gave outsiders a way to contact users via email. Access to the users’ Evite accounts means a hacker could send phishing attempts, malicious links or other scam communications to unsuspecting individuals.
The Evite data breach, which occurred from February to May this year, compromised account information dating back as far as 2013. That information included names, email addresses, usernames and passwords for an as-of-yet unknown number of users. Other optional information that some users provided, such as birthdates and phone numbers, was accessed as well.
Risk Level of Information Exposed
It is tempting to think that this information is not all that sensitive, so therefore, this breach is not too troublesome. Unfortunately, that is not the case. First, any data breach of stored information is a big deal since it means someone has managed to work their way into a cache of collected data. Moreover, usernames, email addresses, and passwords are a massive problem if the users haven’t been practicing solid security hygiene.
There is an interesting twist with the Evite data breach that experts have identified: the notification letter itself. Now that data breach notification letters can legally be emailed—which not only reduces the amount of time for victims to find out, but also greatly reduces the cost to the company who suffered the breach—there is actually a plausible concern that spammers themselves will email the victims. Once news of this or any data breach comes to light, spammers could send out fake emails that appear to come from the affected company. Instead of helping the victims, though, they may contain harmful links, viruses or further phishing attempts. It is important to follow good protocols for your security when receiving a data breach notification email.
What You Can Do About It
For now, Evite users are encouraged to change their passwords and ensure that no other accounts they use shared those same login credentials. This is true even if you do not receive a notification email from Evite. Also, if you do receive any communication from Evite, do not click a link or download an attachment. The company has already said its notification letter while not contain those things, but it is never a good idea to click or download in an email unless you were expecting additional content. Always verify the safety of the link or attachment before opening it, regardless of who you think sent it.
Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.
Experian proudly provides financial support to the Identity Theft Resource Center.
You might also like…