NORTH TEXAS (CBSDFW.COM) – The e-mail invitation and social planning service Evite is notifying its millions of customers about a data breach.
Officials with the company say they traced the malicious activity to an incident where user account information in “an inactive data storage file” was accessed. The file stored old user data with information created up through 2013. Evite launched in 1998.
The breach compromised customers’ personal information including names, usernames, email addresses, passwords, dates of birth, phone numbers, and mailing addresses. Evite says users’ social security numbers and financial data was not compromised.
A hacker who obtained the information subsequently put the Evite information, and data from other companies, up for sale on the dark web.
The company says they’re “working with leading computer experts to enhance our security” and that they’re continuing to “monitor our systems for unauthorized access.”
An email sent to users said, in part, “We have no evidence that personal information was misused, but we are notifying you out of an abundance of caution to explain the circumstances as we understand them.”
Since the breach Evite has introduced additional security measures and is requiring users to rest their passwords on their next log-in.
To protect against the misuse of personal information Evite users are being encouraged to:
- Change their password for any other account on which you used the same or similar password used for their Evite account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for personal information or refer individuals to a website asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
The cybersecurity threat at Evite is just one of many this week, including a data breach involving U.S. Customs and Border Protection that netted photos and license plates of 100,000 travelers.