Minted, a digital marketplace for independent artists, started informing its members last week about a security incident that exposed personal information of 5 million users. Apparently, the notification was sent after the company learned its user account database was being sold on the dark web.
“We recently became aware of a report that mentioned Minted as one of ten companies impacted by a potential cybersecurity incident,” the letter reads. “We promptly undertook an investigation, with the assistance of outside forensic experts. The investigation determined that, on May 6, 2020, unauthorized actors obtained information from the company’s user account database. Since determining this on May 15, we have continued to investigate expeditiously to assess what information was impacted and identify affected individuals.”
According to Minted, the information breached includes customer names, email addresses, hashed passwords, phone numbers, billing and shipping address. For “fewer than one percent of affected customers, date of birth, also may have been impacted.”
The notification also mentioned that, “we have no reason to believe that the following information was affected: payment or credit card information, customer address book information, or photos or personalized information that customers added to Minted designs.”
What should affected users do?
Even if the passwords were not stored in plain text, the company advises users to change the password used to log into their account, and any other online account that takes the same credential combination.
Customers should also monitor their Inboxes closely, and be wary of any unsolicited emails that ask for financial information or additional personal identifiable information. Never click on suspicious links or download attachments that come from unknown sources.
Minted has also set up a customer hotline that can be found on the official website. A team of Minted employees is on call for users who might have questions regarding the incident.
Check now if your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection tool.