AnyVan confirms digital break-in, says customer names, emails and hashed passwords exposed

2021-01-19 08:45

Anyvan, the European online marketplace that lets users buy delivery, transport or removal services from a network of providers, has confirmed it was the victim of a digital burglary that involved the theft of customers' personal data.

The company wrote to customers mid-last week to inform them of a "Breach of security resulting in the unauthorised access to data from our user database," according to the email seen by The Register.

"This leaking of data came to our attention on the 31st December but we understand the incident itself occurred at the end of September. As soon as the incident came to our attention, our specialist IT team investigated it and have since taken the following remedial action: all passwords have been changed."

The data in question? "Customers' names, email and a cryptographic hash of their password were accessed and 'potentially viewed' but no other personal data was unwittingly shared. A probe of events continues," said Anyvan.

El Reg sent a list of questions to AnyVan last week about the compromise of its internal systems, asking how entry was gained; how it has since been secured; whether the password hashes had been salted; and whether customers in mainland Europe had been impacted or just those in the UK. We also asked if it had informed the ICO. We can answer the last one.

"However, any matter involving customer data and privacy is taken extremely seriously and as such we have conducted a thorough review, engaged with third party technical consultants, put additional security measures in place, and of course notified potentially affected customers".

News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/19/anyvan_confirms_digital_breakin_says/

#digital #email