Cyber Attack of the Week 23

Hello, everyone! Today is Friday, August 6th, 2020. Can you believe we are already in August? Due to COVID, I personally feel I am mentally stuck in March. But now, we are nearing the end of summer, and rolling into fall. 

Further, what I have determined through the years is that as the fall weather looms and more people cozy up in their homes, decorating the space you live in becomes a hobby. (For myself at least!)

Getting to the point, during this time, many people turn to various platforms for design inspiration. This could include sites like Pinterest, Instagram shops or today’s site of discussion, Havenly.


What is Havenly?

To begin, Havenly is an online platform that allows users to interact with designers through their site to design and decorate their homes. Their process allows customers to match with a certified designer, collaborate on the space, and even buy items if they desire. 


Overall, this is an innovative platform that takes the travel and scheduling struggles out of home design.


“Homes” Under Attack

Moving on, Havenly recently experienced a large data breach. Further, the breach leaked over 1.3 million records from the Havenly site. 

This attack goes deeper than just Havenly. Before the release of their specific attack, the ShinyHunters hacking gang listed 18 companies’ records on a public hacking forum. Across those 18 companies, over 386 million records are up for sale.


Photo via BleepingComputer


Among those millions of records, 1.3 million of those belong to

Security news site BleepingComputer released the listing in their initial report of the breach. The site reports that, 


“From the samples of this database seen by BleepingComputer, the leaked data included a user’s login name, full name, MD5 hashed password, email address, phone number, zip, and various other data related to the usage of the site.”


Havenly Response

Continuing on, several days after news of the Havenly records being listed online, the company released a statement. 

Havenly states that they recently became aware of a “security situation”. A portion of their response is as follows.


“We take the security of our community very seriously. As a precaution, we wanted to let you know that we recently became aware of a potential incident that may have affected the security of certain customer accounts. We are working with external security experts to investigate this matter.”

“However, in the meantime, out of an abundance of caution, we are logging all existing customers out of their Havenly accounts and asking our customers to reset their password when they next log in to the Havenly website. As a best practice, we also encourage all of our customers to use different passwords across all online services and applications, and to update those passwords now and on a regular basis,”


The company also reports that they do not store full credit card information. Rather, they store only the last four digits, and that is only in some cases. They believe that this information is not enough for the attackers to engage in any type of fraudulent behavior.


Next Steps for the Company and Customers

Overall, Havenly will presumably continue to work with cyber security investigators in order to resolve the issue. As a result of the attack, increasing the security of the site is a must.

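For users, even though the released passwords were hashed with MD5 rather than stored in plain text, that can easily change: MD5 is fast to compute, so common passwords can be recovered from their hashes by guessing. CPG recommends that users completely change their passwords and evaluate their accounts.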

Also, continue to monitor any accounts linked to the site, and update the passwords for other accounts if the same one was used for Havenly.
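To show why MD5-hashed passwords give so little protection and how a site can move off them, here is an added example (not Havenly's code and not part of the original post) that swaps a legacy MD5 record for a salted, slow PBKDF2 hash at the next successful login. It assumes the stored values are bare, unsalted MD5 hex digests, which the post does not confirm; the record format, function names, work factor and sample users are hypothetical.

```python
import hashlib
import hmac
import os
import re

PBKDF2_ROUNDS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
BARE_MD5 = re.compile(r"[0-9a-f]{32}")  # assumed legacy format: unsalted MD5 hex


def hash_password(password: str) -> str:
    """Return a salted, slow hash as 'pbkdf2_sha256$rounds$salt_hex$digest_hex'."""
    salt = os.urandom(16)  # unique per user, so equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a password against a legacy MD5 record or a PBKDF2 record."""
    if BARE_MD5.fullmatch(stored):
        # Legacy path: one cheap MD5 call per guess, no salt.
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, stored)
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(parts[2]), int(parts[1]))
    return hmac.compare_digest(digest.hex(), parts[3])


def login(users: dict, name: str, password: str) -> bool:
    """Verify a login and replace a legacy MD5 record on success."""
    stored = users.get(name)
    if stored is None or not verify_password(password, stored):
        return False
    if BARE_MD5.fullmatch(stored):
        users[name] = hash_password(password)  # upgrade while the plaintext is in hand
    return True


# Constructed sample records: two users who picked the same password.
SAMPLE_USERS = {
    "alice": hashlib.md5(b"autumn-decor-2020").hexdigest(),
    "bob": hashlib.md5(b"autumn-decor-2020").hexdigest(),
}
```

With unsalted MD5 the two sample users have identical stored values, so one recovered password exposes both; after the upgrade their records differ and each guess costs 600,000 hash rounds.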

All in all, 1.3 million records is a lot to be exposed. Hopefully Havenly does everything in their power to resolve the situation and help their customers that were put at risk.


By Taylor Ritchey