According to IT portal, Quidd, the online marketplace for trading stickers, cards, toys, and other collectibles, has disclosed a data breach. The issues impacted in 2019 (October through to December), although the news has only recently come to light. In response to the issue, the company is recommending that all users to change their passwords.
It appears, as ZDNet reports, a hacker under the nom de plume of ProTag cracked into the company’s systems and lifted usernames, email addresses and hashed passwords. While the passwords are hashed, they may not be impossible to break. The data was made available to Dark Web hackers, and sites like Pastebin, without any sort of restrictions.
As well as users, exposed data included the email addresses of companies like Microsoft, Experian, AIG, Accenture, Target, University of Pennsylvania, Virgin Media and Tutanota.
Commenting on the matter for Digital Journal, security expert Ed Macnair, CEO of Censornet says: “It is hugely worrying that such a large number of users have been exposed in this instance, particularly as the leaked information is now being shared for free on public hacker forums. As the data contains usernames, email addresses and hashed account passwords, cyber criminals have all they need to launch targeted and sophisticated Account Takeover attacks against Quidd customers.”
In terms of safeguarding from such events going forwards, Macnair adds: “Organisations such as these simply must take responsibility for the data of their users and do more to fend off potential scammers. It’s important that businesses implement a multi-layered security posture which combines the right technology with best practice policies to offer visibility and control over these large databases.”
Macnair reiterates best practice advice, in relation to the specific event, stating: “All Quidd users should immediately change their passwords and consider implementing multi-factor authentication in order to add an extra layer of security to avoid being targeted by hackers.”