The popular online e-inviations and social planning service Evite confirmed falling victim to a data breach. The breach saw a hacker called “Gnosticplayers” put Evite users' personal data up for sale on the dark web.

According to ZDNet, the hacker also obtained data from five other companies and put them all up for sale in April. The cybercriminal reportedly hacked and stole data from firms such as Canva, 500px, ShareThis, UnderArmor, GyfCat and more.

Gnosticplayers reportedly claimed to have obtained ten million Evite user records, which included users' full names, IP addresses, email addresses and cleartext passwords. ZDNet reported that in April, the hacker Gnosticplayers demanded $1,900 worth of bitcoins for 10 million Evite user records.

Evite confirmed that the breach occurred in February and involved cybercriminals accessing a file that contained user records dating back to 2013. The firm said that users' names, usernames, email addresses, passwords, dates of birth, phone numbers and mailing addresses could have been “potentially affected” by the breach.

“Upon discovering the incident, we took steps to understand the nature and scope of the issue, and brought in external forensic consultants that specialize in cyber-attacks. We coordinated with law enforcement regarding the incident, and are working with leading security experts to address any vulnerabilities,” Evite said in a statement. “We continue to monitor our systems for unauthorized access, have introduced additional security measures, and will be prompting affected Evite users to reset their Evite passwords on their next log-in.”

Evite said that users' social security numbers and financial data was not compromised by the breach since the firm does not collect or store financial information. The firm said that it has sent emails notifying users affected by the breach. The firm also cautioned users about phishing emails, assuring them that the firm will not ask users to click on links.

Hacker image
ProtectWise uses elements of video games and virtual reality with the aim of putting the next generation of cybersecurity experts inside networks to combat threats. TypographyImages/Pixaday

“Please note that the email from Evite does not ask you to click on any links or contain attachments and does not request your personal data. If the email you received about this issue prompts you to click on a link, suggests you download an attachment, or asks you for information, the email was not sent by Evite and may be an attempt to steal your personal data. Avoid clicking on links or downloading attachments from such suspicious emails,” Evite warned.

Evite is also urging its users to reset passwords, stay on alert for suspicious activities, phishing attempts. However, it is still unclear as to how Evite was hacked and how many users were affected by the breach.