Gumtree hacked, user details stolen

By

AFP brought in.

Online classifieds site Gumtree suffered an attack on its site last weekend in which attackers used a vulnerability in the site to make off with names, email addresses and phone numbers of Gumtree account holders.

Gumtree hacked, user details stolen

The eBay-owned site began notifying affected customers of the security incident this morning.

It said while personal details of "some" Gumtree users were accessed, account passwords and payment details had not been compromised as the company uses a third-party gateway for payments and does not store the information on the site.

Gumtree said the stolen contact names and phone numbers had already been made publicly available on the site by affected account holders.

It claimed the "isolated" incident was resolved "within minutes" of discovery.

Gumtree did not detail how many users were affected by the breach. It said the incident impacted "only a portion of the email addresses we hold".

It said it had notified the Australian Federal Police of the incident as well as the Australian Privacy Commissioner.

Gumtree declined to comment on the cause of the attack but said attackers had exploited an "unknown" vulnerability.

"The security audit didn’t identify any further vulnerabilities with the system. We have, and will continue to, implement extra steps to make it harder for fraudsters to target Gumtree’s users," a spokesperson said.

It had indicated in its communication to users that the breach had stemmed from a phishing attack.

The Coalition government is currently preparing to introduce its bill for mandatory notifications of data breach into parliament. The bill is unlikely to be passed before the expected July 2 federal election.

Late last month security firm Malwarebytes revealed criminals had used Gumtree to spread malware through online display ads.

The attackers tricked an online ad network into sending out banner ads through Gumtree that attempted to lead Australian visitors to a site hosting the Angler exploit kit. Gumtree.com.au has over 45 million visits per month.

More to come

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
gumtreehackphishingsecurity

Sponsored Whitepapers

Redefining Vulnerability Management
Redefining Vulnerability Management
How JLL gained visibility into nearly 100K endpoints with Tanium
How JLL gained visibility into nearly 100K endpoints with Tanium
Why a holistic approach to managing risk is key to solving complex IT problems
Why a holistic approach to managing risk is key to solving complex IT problems
High Availability: The Foundation of Digital Transformation
High Availability: The Foundation of Digital Transformation
Nine Ways To Prepare Your Database for a High-Traffic Event
Nine Ways To Prepare Your Database for a High-Traffic Event

Most Read Articles

BoM's seven-year technology transformation cost $866m

BoM's seven-year technology transformation cost $866m
Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach
ANZ joins NAB and CBA on ConnectID

ANZ joins NAB and CBA on ConnectID
James Cook University accelerates digital roadmap and cyber uplift

James Cook University accelerates digital roadmap and cyber uplift

Digital Nation

More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
State of Security 2023
State of Security 2023
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia

Log In

  |  Forgot your password?