Posts

No results for 'undefined'
Powered by Algolia

Evitten Twice Shy

17 July 2019

blurry balls of light
Derived from Evite’s Party Ideas DIY Jack-O’-Lantern Balloons social images

Did you have an Evite account as of August 2013?

Why August 2013?…’ you might ask. Well it seems Evite’s systems were breached sometime around February 22, 2019, and that they became aware of this “malicious activity” in April 2019, apparently when ZDNet notified Evite the data was for sale on the dark web.

In this compromise, the attackers made off with a database archive, old data from 2013:

On May 14, 2019, we concluded that an unauthorized party had acquired an inactive data storage file associated with our user accounts.

– FAQ #1 from Evite’s “Data Incident” notice

There is also a notice at Have I Been Pwned (which is how I found out about the breach on July 14) which lists:

Compromised data: Dates of birth, Email addresses, Genders, Names, Passwords, Phone numbers, Physical addresses

HIBP’s summary is:

In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also had names, phone numbers, physical addresses, dates of birth, genders and passwords stored in plain text exposed.

– Have I Been Pwned: Pwned websites - Evite

If you are asking yourself, ‘OK but what am I supposed to do?…’ your best bet is to check your Evite password. If you know that you have reused that password elsewhere, particularly on financial or email accounts, change those passwords now. Likely damage would have already been done, since apparently the stolen data has been for sale since April, but better late than never when it comes to protecting yourself. If you are unsure whether you still have an account, go to evite.com/login and, if needed, request a password reset email with the “Forgot Your Password?” link at the bottom of the form to determine if your email address has an associated account.

If you have any further questions or want help, feel free to get in touch using one of the links below.