Evite ‘Invites’ Hacker into Unsecured Data Locker

And this week’s how-not-to-secure-your-endpoints goes to stationary and online invites Evite, whose database was auctioned on the dark web for 0.2419 Bitcoins.

With peer pressure on the rise, the company has decided to disclose the details of the incident earlier this week. Interestingly enough, the incident took place on or around April 2019.

Evite’s working with a cybersecurity firm to patch the breach and to determine the extent of the damages. ZDNet, the online publication who warned Evite about the intrusion stated that the hacker managed to steal a truck-load of info.

Is this the beginning of the end for Evite?

I can’t for certain if it’s curtains for Evite, but the perspectives don’t look too good for the online invites and stationery company. Let’s backtrack a bit – in early April, ZDNet warned the company that a hacker who goes by the name of Gnosticplayers dumped a database on the dark web market.

This database, which had Evite’s signature written all over it, contained sensitive info on 10 million Evite users. The subsequent investigation revealed that the hacker managed to steal IP addresses, names, addresses, countries, social media handles, and plain-text passwords.

Evite’s database was up for grabs and with a modest price tag – 0.2419 Bitcoins, which is the equivalent of $1,916 (the dude knows how to haggle, I have to give him that).

Fast-forwarding a month, Evite, no longer able to keep a lid on this, decided to come forward and tell everyone that: “hey, I know we’re just handing out pretty invitations and stuff, and I don’t know how to say this, but our servers got hacked, and someone out there knows where you live, and it took us a month to figure it out.”

Drama aside, it’s still quite puzzling how the hackers managed to access the company’s database. No working theory is on the table thus far, but the cybersecurity company working side-by-side with Evite has reasons to believe that the data storage which contained the info had precarious safeguards.  ‘

There’s a bit of good news too – when reached for comments, an Evite spokesperson declared that the users’ social security numbers and payment info were not impacted.

As the company explained, the platform does not require the user to supply an SSN, while payment info is stored separately.

Evite might have a hard time convincing its partners to continue doing business. Bear in mind that the database also contained sensitive info on several industry giants and such a breach does not bode well in terms of the trust.

Wrap-up

How will Evite get back on its feet after this rather unsavory announcement? It’s hard to tell, but the truth of the matter is that it’s hardly the only company that had to suffer on account of cyber-attacks. Still, that’s no excuse for poor cybersecurity conduct.

If there’s one thing companies must learn is to never, ever assume that they cannot become targets.

So, what are your thoughts on Evite’s statement? Do you think that this was an isolated incident? Hit the comments sections and let me know.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.

Leave a Reply

Your email address will not be published. Required fields are marked *