From October 3rd till December 18th, 2015 an unknown party was able to access two cloud providers used by Gyft without authorization. This party was potentially able to view & download the following information:
- Names
- Contact information
- Dates of birth
- Gift card numbers
- Gyft log in details
- Coinbase accounts linked to Gyft could have been used to purchase more gift cards
Full credit card details were not able to be accessed. As soon as Gyft realized that this data breach occurred, they made users who potentially had their data compromised change their password and logged out affected users. If you attempted to log into Gyft between March 19th and December 4th your log in details may have been compromised (I’m unsure why this has a different date range). According to Krebs On Security (who first reported this issue in mid December of last year), this issue has affected a high single digit percentage of Gfyt users.
What You Should Do
- If you have a Coinbase account linked, make sure no unauthorized transactions were made between October and now
- Monitor any gift cards that were in your Gyft account before January 8th
- Change any logins that share information with your Gyft account (I recommend using a different e-mail/password combo for each website to avoid this issue).
I’m not sure why Gyft has taken so long to notify customers of this data breach when Krebs On Security was aware of it in mid December. The only started sending out press releases and mail outs to affected users on February 5th. More information about this breach and F.A.Q’s can be found here.
