Expert Insights: Online alcohol delivery startup Drizly suffers a data breach

This week, online alcohol delivery startup Drizly confirmed to customers that it had suffered a data breach.

An email obtained by TechCrunch confirmed that the hacker exfiltrated customer data. The exfiltrated data included email addresses, dates of birth, passwords hashed using the stronger bcrypt algorithm, and, in some instances, delivery addresses.

David Higgins, EMEA Technical Director at CyberArk, had this to say about the incident:

“Drizly is an incredibly popular service used by both consumers and organizations. This is why the Drizly data breach shouldn’t be treated as just another smash and grab of user data, but as a potential springboard for further attacks, especially on companies that used the service.

A recent CyberArk study showed that 93% of people reuse passwords across applications and devices, which is why a breach of this nature can be a boon to attackers. It allows them to take advantage of password reuse to gain access to other assets and applications and, when combined with the growing number of privileged users across organizations, potentially enables the start of much more targeted and damaging attacks. Added to this, the loss of personal data is hugely distressing for the victims, resulting in continued targeting by cyber criminals using their data to perform identity fraud and social engineering scams.”

