Papaki.gr's security team informed the company's customers about a breach in its infrastructure. The email states:
Our team recently detected unauthorized third-party access to our systems. As a security precaution, we strongly recommend that you enable 2FA (two-factor authentication) on your account by following these simple steps and modify the service passwords you have with us.
To prove that this is a legitimate email communication, we also created a blog post on our official website, here.
What happened?
We recently had evidence that an unauthorized third party had gained access to our systems around July 2023.
We are taking this matter seriously and are actively working to address the situation to protect our customers and their data. In response, we immediately launched an investigation to determine the impact on our customers.
Interim results of this ongoing analysis show that:
There is a risk that the third-party attacker was able to access user accounts, although current evidence suggests that unauthorized access likely only occurred to two individuals from our customer base.
What data of yours may have been affected?
Based on the current status of our investigation, the following personal data of yours may have been leaked:
Data related to the authentication / identification of data subjects, such as credentials (username and password for our services), name or contact information (email, phone number, etc.).
Billing details (invoices, etc.).
Domain information and registrant contact information.
If you have data hosted on us, there is also a risk that it has been compromised.
There is no risk associated with your credit card data as we do not process this information.
What are we doing to manage the situation?
We have engaged an external third-party forensics expert to help us understand what has happened, what the impact is on our customers, and what steps we need to take to improve your security.
We have notified the relevant authorities of the incident to ensure cooperation and the best possible response.
We are working on an additional security feature that will require further authorization from you when you make significant changes to services in your account.
Based on the results of our investigation, we will take any further technical and organizational measures deemed necessary.
What do you have to do?
We encourage you to implement the following practices to improve the security of your account:
1. Enable 2FA (two-factor authentication) on your account to increase security. Enabling 2FA enhances access security by requiring two methods to verify your identity. You can enable 2FA by following a simple process described here.
2. If you use some of our services, such as mailboxes, WordPress, database access, FTP or other applications, we also advise you to immediately change the passwords you use.
3. If you use your credentials from Papaki for other third parties or services, you should change them immediately.
If you require more details about this incident, please do not hesitate to contact us at [email protected]. If you would like to know more about your rights or wish to make a complaint, please contact our Data Protection Officer at [email protected]
We thank the friend of iGuru.gr for the timely information.
Hi, are customer passwords accessible by admins and not encrypted?