(Image: file photo)
Zazzle is warning customers that their accounts may have been compromised.
The company said in an email to customers that hackers gained unauthorized access to a number of accounts. The email said that the hackers used brute-force techniques to cycle through account usernames and passwords that were stolen from a breach of another unnamed site.
The online marketplace denied that its systems had been directly breached.
As is often the case, the company wouldn't say how many accounts had been improperly accessed, but the company's chief technology officer, Bobby Beaver, said in an email to ZDNet that it's "a relatively small number of accounts."
We're working on getting a specific figure, but it's worth noting that the number of affected accounts was large enough to alert the California attorney general, who requires businesses to notify customers of a data breach or an exposure affecting more than 500 California residents.
Zazzle said that customers will be prompted to choose a new password when they next visit the site.
"The reset procedure we referenced requires the user reconfirm their email address by sending a security token to that email address," said Beaver. "As such, a malicious actor could not reset the password for the account -- unless they had access to the email account itself, which is not in our control."
Zazzl's login page now features a one-click CAPTCHA box, aimed at slowing down automated login attempts, and the company said it was "currently evaluating additional safeguards" to deter similar attacks.
from Latest Topic for ZDNet in... http://ift.tt/2wDUVpu
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.