What happened in the ShopBack data breach?

Twingate Team

Mar 26, 2024

In September 2020, ShopBack, an online cashback portal, experienced a data breach that exposed a large number of customers' personal information. The incident raised concerns about data privacy and the security measures in place to protect users' information. ShopBack was later fined for the breach, highlighting the importance of robust security practices and proper management of access keys.

How many accounts were compromised?

The breach impacted data related to approximately 20.5 million users.

What data was leaked?

The data exposed in the breach included email addresses, geographic locations, names, passwords, and phone numbers.

How was ShopBack hacked?

The breach at ShopBack occurred when a senior employee inadvertently saved an AWS access key, embedded in software code, to an online GitHub repository. Although the key was later removed, it remained viewable in the commit history. A malicious actor exploited this oversight, gaining unauthorized access to ShopBack's servers and extracting customer data. The company discovered the breach during a routine security review and took immediate action to contain it, including deleting the compromised key and implementing enhanced security measures.
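
The failure mode described above, a key deleted from the current files but still readable in commit history, is found by scanning the patch history rather than the working tree. The following is an added example, not ShopBack's or Twingate's code; it parses a constructed, trimmed sample of `git log -p --reverse` output, and the function name `scan_history` and the sample commits are assumptions.

```python
import re

# Long-term AWS access key IDs: "AKIA" followed by 16 upper-case letters or digits.
KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")

# Constructed sample of `git log -p --reverse` output (oldest commit first).
# The key is the placeholder ID used in AWS documentation, not a real credential.
SAMPLE_LOG = '''\
commit 1111111111111111111111111111111111111111
    add uploader config
diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,2 @@
+REGION = "ap-southeast-1"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
commit 2222222222222222222222222222222222222222
    remove hardcoded key
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,2 @@
 REGION = "ap-southeast-1"
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_KEY"]
'''

def scan_history(log_text):
    """Return one record per key ID ever added, noting whether HEAD still has it."""
    found, commit, path = {}, None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("--- "):
            continue  # old-side file header, not a removed line
        elif line.startswith(("+", "-")):
            for key in KEY_ID.findall(line):
                rec = found.setdefault(key, {"key": key, "file": path,
                      "added_in": commit, "removed_in": None, "copies_in_head": 0})
                if line[0] == "+":
                    rec["copies_in_head"] += 1
                else:
                    rec["copies_in_head"] -= 1
                    rec["removed_in"] = commit
    return list(found.values())

if __name__ == "__main__":
    for rec in scan_history(SAMPLE_LOG):
        state = "still in HEAD" if rec["copies_in_head"] > 0 else "gone from HEAD, still in history"
        print(f'{rec["key"]} in {rec["file"]}: added {rec["added_in"][:7]}, {state}; rotate it')
```

On a real repository, feed it the output of `git log -p --reverse --all`. Any key it reports has to be revoked at the provider, because deleting the line in a later commit leaves the earlier commit readable.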

ShopBack's solution

In response to the data breach, ShopBack took several measures to secure its platform and prevent future incidents. The company reversed all changes made by the hacker, triggered a forced logout and password reset for all customer accounts, and hired a private forensic expert to investigate. ShopBack also enhanced its security protocols and systems, which have since been recognized by the Cyber Security Agency of Singapore for their good security practices.

How do I know if I was affected?

ShopBack has notified customers believed to be affected by the breach. If you're a ShopBack customer and haven't received a notification, you may visit Have I Been Pwned.

What should affected users do?

In general, affected users should:

  1. Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  2. Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  3. Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  4. Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes to the respective platforms.

For specific advice on ShopBack's data breach and assistance, please contact ShopBack Support directly.

Where can I go to learn more?

If you want to find more information on the ShopBack data breach, check out the following news articles:
