26 May 2018
Visit www.fingerprints.com

Gyft reports security breach

08 February 2016  |  1939 views  |  0 Source: Gyft

In an ongoing effort to protect the accounts and account information of its users, Gyft is notifying users who may have been affected by a security incident.

Gyft is continuing to investigate the incident and will take all appropriate steps to protect Gyft users. This Media Notice is being issued to assist Gyft users and to comply with required notice obligations.

Beginning on October 3 and continuing through December 18, 2015, an unknown party accessed without authorization two cloud providers used by Gyft. This party was able to view or download certain Gyft user information stored with these cloud providers and made a file containing some of that user information. As soon as Gyft learned about the exposure, Gyft began investigating how this user information was accessed and what risks this potentially posed to Gyft customers. Fortunately, Gyft has not discovered evidence that anyone used the information potentially compromised in this incident to access Gyft accounts, make unauthorized purchases, or otherwise use the information improperly.

The information potentially accessed from the cloud providers included names, contact information, dates of birth, and gift card numbers. Gift card numbers could have been used to make unauthorized purchases. In addition, Gyft log-in credentials may have been compromised. An unauthorized party who acquired credentials could have accessed a Gyft account and used any gift cards in the account with unused balances, reward points or a Coinbase-enabled account to purchase additional gift cards.

Importantly, no credit cards stored in Gyft accounts were compromised. Full credit card numbers are not visible in Gyft accounts and all credit card purchases on Gyft require entering the card’s security code, which was not part of the information that may have been compromised.

Shortly after discovering this issue, Gyft acted to prevent unauthorized access by requiring users whose passwords were potentially compromised to reset their passwords, and logging out other affected users. The affected users who have not already changed passwords will be required to choose a new password the next time they log in.

Gyft recommends that users change their passwords for any online accounts where the same password was used for a Gyft account. In addition, if a user has a Coinbase account linked to a Gyft account, Gyft recommends that the user review any Coinbase transactions beginning in October 2015, because a linked Coinbase account could have been used to make purchases within a Gyft account. Users should also monitor any gift cards that were in their Gyft account before January 8, 2016.

Comments: (0)

Comment on this story (membership required)

Related blogs

Create a blog about this story (membership required)
Visit response.ncr.comVisit iliad-solutions.com/visit www.ebaday.com

Who is commenting?

Top topics

Most viewed Most shared
satelliteAnt Financial provides tech for China Ever...
27830 views comments | 3 tweets | 2 linkedin
Digital banking transformation creating new systemic risksDigital banking transformation creating ne...
8902 views comments | 18 tweets | 26 linkedin
MUFG to roll out blockchain payment network next yearMUFG to roll out blockchain payment networ...
7582 views comments | 13 tweets | 13 linkedin
There are some things you just can't do with an appThere are some things you just can't do wi...
6832 views comments | 9 tweets | 15 linkedin

Featured job

Six-Figure Base + OTE + Benefits
London, UK

Find your next job