Papaki.gr's security team informed the company's customers about a breach in its infrastructure. The email states:
The team found us recently unauthorized access third parties in our systems. As a security precaution, we strongly recommend that you enable 2FA (control two-factor authentication) to your account by following these simple steps and modify the service passwords you have with us.
To prove that this is a legitimate email communication, we also created a blog post on our official website, here.
What happened?
We recently had evidence that an unauthorized third party had gained access to our systems around July 2023.
We are taking this matter seriously and are actively working to address the situation to protect our customers and their data. In response, we immediately launched an investigation to determine the impact on our customers.
Interim results of this ongoing analysis show that:
There is a risk that the third-party attacker was able to access user accounts, although current evidence suggests that unauthorized access likely only occurred to two individuals from our customer base.
What data of yours may have been affected?
Based on the current status of our investigation, the following personal data of yours may have been leaked:
Data related to the authentication / identification of data subjects, such as credentials (username and password for our services), name or contact information (email, phone number, etc.).
Billing details (invoices, etc.).
Domain information and registrant contact information.
If you have data hosted on us, there is also a risk that it has been compromised.
There is no risk associated with your credit card data as we do not process this information. E
What are we doing to manage the situation?
We have engaged an external third-party forensics expert to help us understand what has happened, what the impact is on our customers, and what steps we need to take to improve your security.
We have notified the relevant authorities of the incident to ensure cooperation and the best possible response.
We are working on an additional mode security that will require further authorization from you when you make significant changes to services in your account.
Based on the results of our investigation, we will take any further technical and organizational measures deemed necessary.
What you have to do?
We encourage you to implement the following practices to improve it better safetyof your account:
1. Enable 2FA (two-factor authentication) on your account to increase security. Enabling 2FA enhances access security by requiring two methods to verify your identity. You can enable 2FA by following a simple process described here.
2. If you use some of our services, such as mailboxes, WordPress, database access, FTP or other applications, we also advise you to immediately change the passwords you use.
3. If you use your credentials from Papaki for other third parties or services, you should change them immediately.
If you need more details about this incident, please feel free to contact us at support@papaki.com. If you would like to know more about your rights or would like to make a complaint, please contact our Data Protection Officer at dpo@enartia.com
We thank the friend of iGuru.gr for the timely information
Hi, are customer passwords accessible by admins and not encrypted?