Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Design Marketplace Minted Confirms Recent Data Breach

Minted, an online marketplace of crowdsourced art and graphic designs, this week confirmed that it was the victim of a data breach earlier this month.

Minted, an online marketplace of crowdsourced art and graphic designs, this week confirmed that it was the victim of a data breach earlier this month.

Founded in 2007 and headquartered in San Francisco, the online marketplace holds regular design challenges in which thousands of independent artists and designers participate. Thousands of designs are submitted each week and marketplace visitors vote to help choose the winners, which end up being sold on the site.

Information on a security incident affecting Minted became public several weeks ago, when a hacking group referred to as Shiny Hunters started advertising user records stolen in multiple fresh data breaches, including information exfiltrated from Minted.

At the time, the hackers said they were in possession of 5 million user accounts, and were asking for $2,500 for the data.

Minted, which appears to have been alerted on the data breach only after the first reports emerged in online media, launched an investigation into the incident, and discovered that hackers were indeed able to breach its user account database on May 6, 2020.

The investigation revealed that the cybercriminals managed to compromise customer names, along with the login credentials to their Minted accounts, which include email addresses and passwords (hashed and salted).

Additionally, the hackers accessed the telephone numbers and billing and shipping addresses of users. For some of them, the date of birth was also exposed (for less than 1% of the impacted users).

“Based on our investigation to date, we have no reason to believe that the following information was affected: payment or credit card information, customer address book information, or photos or personalized information that customers added to Minted designs,” the company said.

Advertisement. Scroll to continue reading.

Although the affected passwords were not stored in plain text, Minted is requesting customers to change passwords for their Minted accounts, as well as for any other online accounts for which the same email address and password combination was used.

“As always, customers should be cautious of any unsolicited communications that ask for personal information and avoid clicking on links or downloading attachments from suspicious emails,” Minted also says.

“End users will want to continue vigilance when it comes to spear phishing or targeted emails about their accounts. By sharing their password or some other sensitive information from the breach, a criminal’s email will entice them to open attachments or click on links related to these attacks and thus compromise their systems further. People need to make sure they are using different passwords for various sites and accounts. In the unfortunate event of a data breach, they only need to change the one password versus now being susceptible to attacks on their accounts on different sites because they used the same password,” James McQuiggan, security awareness advocate at KnowBe4, said in an emailed comment.

Related: Hacker Group Advertises Data From Multiple Fresh Breaches

Related: Meal Kit Service Home Chef Confirms Data Breach

Related: GoDaddy Notifies Customers of Data Breach

Related: Chegg Informs Employees of Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.