PETITIONS.BY website was hacked, as a result of which information about 600 thousand users was in open access, "Our Niva" said today, referring to the newsletter of the site administration (not all users received such a letter, there are no doubts that the administration sent him).
"Because of the unforeseen situation, more than 600,000 accounts were made public in the work of our team. We are sorry. Be vigilant, these data can be used by fraudsters. In order not to become a victim of fraud, please do not move on unknown links, do not answer calls and messages from unknown numbers, "the site says. The screenshots of this message have already appeared on the network.
Note that there is no information about hacking on the site. As soon as the official comment will appear about what happened, we will add it.
Supplemented
In the late afternoon, the Belarusian teams of Telegram began to complain about the mass spam newsletter on behalf of various channels. The messages speak of a phone number to a certain database. These messages are sent by automatic mailing. All you need to do is to block the user suddenly appeared in the user's ribbon.
The Svetlana Tikhanovsky office confirms that neither the office nor "voice" have nothing to do with this newsletter. Svetlana Tikhanovskaya has official accounts in social networks - and only through them its communication can go. The statement says that the data of the "Voices" users are under reliable protection, it is impossible to hack and contribute to any databases. For 8 months of the existence of the platform, no user was revealed. And today is no exception.
The founder of Petitions.by commented on the likely hacking
The founder of the site Vladimir Kovalkin acted on hacking.
- What happened? An attacker managed to hack the account of one of the moderators and create a fake mass mailing to the user. Hacking was discovered for 10 minutes, and the mailing list was stopped. Nevertheless, about 15 thousand users managed to get a fake letter.
Could leak some data? Yes, the conditionally public data of the signature, which the user leaves under the appeal and which is possessed by any official, considering the appeal: FULL NAME, address, e-mail. No other PETITIONS.BY data requests and does not handle. That is, your payment cards, an email account, accounts in social networks are all safe.
What are we going to do with it? We will conduct an additional security audit and efforting protection. The last year of Petitions.by is under constant attacks of intruders: we are "dtained", passwords are triggered to accounts, try to crack the SQL-injection database. We enhance network protection settings, add Capps, which does not always have a positive effect on user experience, but allows you to beat the attack. We also never request and do not store data more than necessary for an official signature under the petition. From this situation, we will draw conclusions and exit stronger and protected.
Our channel in Telegram. Join now!
Is there something to tell? Write to our telegram-bot. It is anonymously and fast