Users of the American organization Goodwill’s ShopGoodwill.com e-commerce auction site have been affected by a data breach.
According to reports, the company’s platform had an exploitable weakness that bad actors took advantage of to steal customers’ complete names, email addresses, phone numbers, and postal addresses.
The number of clients impacted by the hack is unknown, but GoodWill claims to have addressed the issue.
Using stolen information
Cyberattackers did not gain access to any accounts, and no financial data was stolen, according to a letter handed out by the company’s Vice President Ryan Smith to impacted consumers.
“We were recently made aware of a problem on our website that led to the disclosure of some of your personal contact information to an unauthorized third party,” Smith said.
“ShopGoodwill does not keep credit card information, thus no payment card information was exposed.” The third-party only had access to buyer contact information and not to your ShopGoodwill account.”
While collecting names, email addresses, phone numbers, and postal addresses may not seem to be much, it is sufficient for cybercriminals. This information may be utilized in identity theft, enabling criminals to impersonate as their victims online and acquire additional sensitive information or use it in a phishing assault.
Because many individuals use birth dates or physical addresses as passwords, this information is also valuable in password cracking. Because users often utilize the same login info across many services, it may also be exploited in the credential stuffing.
The charity assists people with impairments all across the globe and has helped 230,000 people find work in 2019. It is funded by the sale of donated items, which can be found in thrift stores all over the globe or on the ShopGoodwill.com online auction site.