In May 2019, the company suffered a data breach that affected 139 million customers. The company identified the attack whilst it was ongoing so the perpetrator took to twitter to make their attack public which forced the company into swift damage control mode.
The data exposed included customer usernames, real names, email addresses, passwords and location information. Although customer passwords were breached, all the passwords were encrypted. No credit card details or designs were exposed/accessed in the attack.
In January 2020, the company became aware of a list of approximately 4 million customer accounts containing passwords stolen as part of the May 2019 breach. The attackers 'cracked' (decrypted) the passwords of affected accounts and shared that information online.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions