Monday, August 28, 2017

Zazzle resets passwords after hackers brute-force accounts

Zazzle is warning customers that their accounts may have been compromised.

The company said in an email to customers that hackers gained unauthorized access to a number of accounts. The email said that the hackers used brute-force techniques to cycle through account usernames and passwords that were stolen from a breach of another unnamed site.

The online marketplace denied that its systems had been directly breached.

As is often the case, the company wouldn't say how many accounts had been improperly accessed, but the company's chief technology officer, Bobby Beaver, said in an email to ZDNet that it's "a relatively small number of accounts."

We're working on getting a specific figure, but it's worth noting that the number of affected accounts was large enough to alert the California attorney general, who requires businesses to notify customers of a data breach or an exposure affecting more than 500 California residents.

Zazzle said that customers will be prompted to choose a new password when they next visit the site.

"The reset procedure we referenced requires the user reconfirm their email address by sending a security token to that email address," said Beaver. "As such, a malicious actor could not reset the password for the account -- unless they had access to the email account itself, which is not in our control."

Zazzle's login page now features a one-click CAPTCHA box, aimed at slowing down automated login attempts, and the company said it was "currently evaluating additional safeguards" to deter similar attacks.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.


from Latest Topic for ZDNet in... http://ift.tt/2wDUVpu
