The Boston-based e-commerce startup has become the latest victim of a data breach, which impacted nearly 2.5 million accounts. The breach wasn’t discovered until July 13, and the stolen data records are available for sale on the dark web.
A couple of weeks after detecting a breach in its system that leaked data records of nearly 2.5 million users, Boston-headquartered Drizly, an ecommerce platform, has now sprung into action and enlisted a cybersecurity firm for remediation measures. Saryu Nayyar, CEO at Gurucul Solutions Pvt Ltd, told SiliconANGLE, “The reported Drizly data breach is interesting for what it shows about attacker dwell time — the time between an initial breach and the victim noticing it.”
The breach exposed user data records such as email addresses, hashed passwords, birthdays and addresses of customers, which are now available on the dark web. The company reportedly detected the breach in mid-July; the breach itself is speculated to have happened in February this year. A spokesperson for Drizly told TechCrunch, “In terms of scale, up to 2.5 million accounts have been affected. Delivery address was included in under 2% of the records.”
TechCrunch managed to get hold of a listing on a dark web marketplace that was posted on February 13. The screengrab shows the listing describing the data as ‘Freshly Hacked drizly.com Account with valid CC attached and Order History’.
However, in an email to its customers, Drizly wrote that no financial information, whether credit or debit card details, was compromised. This contradicts the listing on the dark web.
Looks like somebody hacked Drizly… pic.twitter.com/z8y29uJIjz
— Ken Bruno (@kenbruno) July 28, 2020
Also, since the passwords were hashed, they cannot be used directly to log into user accounts. The company advised users in the email, “Even though the hashed passwords cannot be used to log into your account, out of an abundance of caution, we encourage you to reset your Drizly password.” If cracked, the compromised passwords can be used to find a way into users' other accounts, such as banking or social media.
This raises the question: is changing the password enough? Drizly has initiated an investigation with the help of a cybersecurity firm.
Data breaches have become a common occurrence, but companies of all sizes are still grappling with incident response. IBM’s recent 2020 Cost of a Data Breach report estimates that an average data breach costs nearly $3.86 million. With the right technology and privacy arrangements in place, organizations can be better prepared before disaster strikes.