What happened in the Locally data breach?
Twingate Team
•
Apr 25, 2024
In October 2022, the online-to-offline shopping solution Locally experienced a data breach. Although the company acknowledged the incident privately, it remains unclear whether affected customers were informed about the breach. The event exposed a significant amount of user data, including names, contact information, purchase history, and partial credit card details, as well as password hashes.
How many accounts were compromised?
The breach impacted data related to approximately 363,000 individuals.
What data was leaked?
The data exposed in the breach included email addresses, partial credit card data, passwords, phone numbers, physical addresses, and purchase history.
How was Locally hacked?
Attackers breached Locally's systems using a combination of methods, such as bypassing two-factor authentication, exploiting old vulnerabilities, and taking advantage of human errors like weak passwords and clicking on malicious links. During the breach, malware was installed on the company's servers, which allowed unauthorized access to sensitive customer data. Locally has since taken steps to address the security vulnerabilities and remove the malware from their systems.
Locally's solution
In response to the data breach, Locally implemented several measures to enhance their security and prevent future incidents. These actions included removing the malware and backdoors used by the attackers, strengthening security protocols, and collaborating with cybersecurity experts for a thorough investigation. Additionally, although it is unclear whether affected customers were directly notified, it is recommended that they change their passwords as a precautionary measure.
How do I know if I was affected?
It remains unclear whether Locally directly reached out to affected users. If you are a Locally customer and have not received a notification, you may visit HaveIBeenPwned to check if your credentials were affected by the breach.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for all affected accounts. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on all affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
For more specific help and instructions regarding Locally's data breach, please contact Locally's support directly.
Where can I go to learn more?
If you want to find more information on the Locally data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Locally data breach?
Twingate Team
•
Apr 25, 2024
In October 2022, the online-to-offline shopping solution Locally experienced a data breach. Although the company acknowledged the incident privately, it remains unclear whether affected customers were informed about the breach. The event exposed a significant amount of user data, including names, contact information, purchase history, and partial credit card details, as well as password hashes.
How many accounts were compromised?
The breach impacted data related to approximately 363,000 individuals.
What data was leaked?
The data exposed in the breach included email addresses, partial credit card data, passwords, phone numbers, physical addresses, and purchase history.
How was Locally hacked?
Attackers breached Locally's systems using a combination of methods, such as bypassing two-factor authentication, exploiting old vulnerabilities, and taking advantage of human errors like weak passwords and clicking on malicious links. During the breach, malware was installed on the company's servers, which allowed unauthorized access to sensitive customer data. Locally has since taken steps to address the security vulnerabilities and remove the malware from their systems.
Locally's solution
In response to the data breach, Locally implemented several measures to enhance their security and prevent future incidents. These actions included removing the malware and backdoors used by the attackers, strengthening security protocols, and collaborating with cybersecurity experts for a thorough investigation. Additionally, although it is unclear whether affected customers were directly notified, it is recommended that they change their passwords as a precautionary measure.
How do I know if I was affected?
It remains unclear whether Locally directly reached out to affected users. If you are a Locally customer and have not received a notification, you may visit HaveIBeenPwned to check if your credentials were affected by the breach.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for all affected accounts. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on all affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
For more specific help and instructions regarding Locally's data breach, please contact Locally's support directly.
Where can I go to learn more?
If you want to find more information on the Locally data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Locally data breach?
Twingate Team
•
Apr 25, 2024
In October 2022, the online-to-offline shopping solution Locally experienced a data breach. Although the company acknowledged the incident privately, it remains unclear whether affected customers were informed about the breach. The event exposed a significant amount of user data, including names, contact information, purchase history, and partial credit card details, as well as password hashes.
How many accounts were compromised?
The breach impacted data related to approximately 363,000 individuals.
What data was leaked?
The data exposed in the breach included email addresses, partial credit card data, passwords, phone numbers, physical addresses, and purchase history.
How was Locally hacked?
Attackers breached Locally's systems using a combination of methods, such as bypassing two-factor authentication, exploiting old vulnerabilities, and taking advantage of human errors like weak passwords and clicking on malicious links. During the breach, malware was installed on the company's servers, which allowed unauthorized access to sensitive customer data. Locally has since taken steps to address the security vulnerabilities and remove the malware from their systems.
Locally's solution
In response to the data breach, Locally implemented several measures to enhance their security and prevent future incidents. These actions included removing the malware and backdoors used by the attackers, strengthening security protocols, and collaborating with cybersecurity experts for a thorough investigation. Additionally, although it is unclear whether affected customers were directly notified, it is recommended that they change their passwords as a precautionary measure.
How do I know if I was affected?
It remains unclear whether Locally directly reached out to affected users. If you are a Locally customer and have not received a notification, you may visit HaveIBeenPwned to check if your credentials were affected by the breach.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for all affected accounts. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on all affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
For more specific help and instructions regarding Locally's data breach, please contact Locally's support directly.
Where can I go to learn more?
If you want to find more information on the Locally data breach, check out the following news articles:
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions