Gyft has said that, beginning on Oct. 3 and lasting through Dec. 18 of last year, two cloud providers used by the company were infiltrated by “an unknown party” and user info was downloaded.
In a release by the company on Friday (Feb. 5), Gyft, a digital gift card service that utilizes bitcoin, said that though the data had been viewed and downloaded, no evidence has emerged that the information has been used to commit any malfeasance. No Gyft accounts were accessed nor were any unauthorized purchases made; at present, there isn’t any evidence that information was used “improperly,” the company said.
In listing the types of information “potentially accessed from the cloud providers,” Gyft said the data could have included names, dates of birth, contact information and gift card numbers. In this last item, the company cautioned in the release, “gift card numbers could have been used to make unauthorized purchases. In addition, Gyft login credentials may have been compromised. An unauthorized party who acquired credentials could have accessed a Gyft account and used any gift cards in the account with unused balances, reward points or a Coinbase-enabled account to purchase additional gift cards.”
However, the company noted that none of the credit cards stored within the Gyft accounts were compromised, as full card numbers are not actually visible in Gyft accounts.
The company said that after uncovering the security incident, Gyft sought to prevent further unauthorized access by requiring potentially affected users to reset passwords; the firm also logged out other users who may have been affected. Gyft recommended further that users examine Coinbase transactions dating back to Oct. 2015 and also monitor gift cards that may have been in the Gyft account before Jan. 8 of this year.