Peatix Users Need to Change Passwords ASAP
A new security breach that has taken place in November 2020. The illegally accessed data has now been put up for sale online using various platforms.
The security breach and subsequent leak involved the data of over 4.2 million accounts registered with Peatix. Peatix is a platform for organizing and discovering events and has both a website and a mobile app.
The leaked information includes full names, registered usernames, e-mail addresses and passwords in salted and hashed format. The vast majority of the names that appear in the stolen data are Asian, which makes sense, given that Peatix is originally a Japanese platform, which gradually expanded across Asia and eventually hit the US market.
The stolen information was put up for sale in the form of advertisements on various hacker forums, as well as through Telegram channels and Instagram posts.
According to ZDNet, Peatix did not respond when ZDNet notified the company of a potential breach in early November 2020. Eventually, Peatix disclosed the data breach publicly, announcing it on their website.
The company stated that there was no financial information leaked or contained in the compromised database, as this data is not saved locally and is processed by third parties. Peatix is currently in the process of informing all its customers about the data breach event and advising them to change their passwords as soon as possible.
Peatix further stated that there is no evidence that any additional event attendance information or data related to users' phone numbers or real life addresses was accessed by the bad actors.
As is the case with every data breach, the best affected users can do is change their password as fast as they can and hope they exercised good password safety and did not reuse the password from the breached site anywhere else.