BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Company that manages users' online rep hit by breach

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Wed, 1 May 2013 20:17:16 -0400
http://www.scmagazine.com/company-that-manages-users-online-rep-hit-by-breach/article/291582/

An undisclosed number of customers had their personal information
accessed, after an online reputation management company was breached.

On Tuesday, Reputation.com, a Redwood City, Calif.-based business,
sent emails to customers about the incident. The company provides
services such as removing negative or unwanted information about
individuals or businesses from search sites.

According to the email sent to customers, accessed data includes
names, email and physical addresses, and in some instance, phone
numbers, dates of birth and job information of clients.

In addition, encrypted user passwords were breached for a “small
minority” of Reputation.com users.

“A list of highly encrypted (‘salted' and ‘hashed') user passwords for
a small minority of users was accessed,” said the email. “Although it
was highly unlikely that these passwords could ever be decrypted, we
immediately changed the password of every user to prevent any possible
unauthorized account access.”

Salting is a security method where a sequence of symbols is added to
passwords before they're hashed, as an added layer of security.

SCMagazine.com reached out to the company, but did not hear back immediately.

Reputation.com is offering a year of free credit monitoring to
affected customers. The company has said that no financial
information, Social Security or driver's license numbers, or details
regarding clients' accounts or services were exposed in the incident.

In the email, the company said it “swiftly shut down” the attack on
its network, once it was discovered.

LivingSocial, a daily-deal website, is the most recent online company
to suffer a similar breach.

Last Friday, the company announced that more than 50 million of its
customers were impacted when its computer systems were hacked,
exposing the email addresses, dates of birth and salted passwords of
users.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.
Previous By Date Next
Previous By Thread Next

Current thread: