The company realized that it had been hacked until it discovered its information on sale in dark web forums
StreetEasy recently confirmed the hacking and
data breach of nearly one million user accounts on the platform. According to network
security and ethical hacking specialists from the International Institute of
Cyber Security, the stolen information is available for sale in various dark
web forums.
According to reports, the company realized on
the attack last weekend, after discovering that a user of dark web was offering
the compromised information, said StreetEasy spokesman, Lauren Riefflin.
According to the spokesperson, the leaked data include:
- Users’
full names - Email
Addresses - Encrypted
passwords
Through a statement, StreetEasy added that, in
addition to the aforementioned data, hackers had access to the last four digits
of the payment cards of affected users, type of payment card, expiration dates
and addresses of billing, although the company clarified that most of these payment
cards were expired. According to StreetEasy, this dataset is earlier than the
year 2016, so most of these records are overdue.
The company has not revealed details about how
hackers managed to access the compromised information, but ensures that the
necessary steps have been taken to prevent additional attacks, such as
restoring user passwords.
Network
security
experts believe this data theft may be linked to a recent cyberattack campaign
against various companies and then sell stolen information in dark web forums,
deployed by a single hacker.
StreetEasy is a real estate rental and purchase
platform focused on the New York area. Spokespersons for Zillow, its parent
company, have confirmed that data breach has not affected its operations.
In its statement, StreetEasy mentions: “We take
the privacy and information security of all our clients very seriously. Our
network security teams have undertaken a series of actions to strengthen our
security and ensure our data safety against possibly upcoming attacks” concludes
the company’s statement.
