A hacker has leaked this month the data of more than 4.2 million users registered on Peatix, an event organizing platform, currently ranked among the Alexa Top 3,500 most popular sites on the internet.
The site’s user data was made available through ads posted via Instagram stories, on Telegram channels, and on several different hacking forums.
According to samples of the Peatix data seen by ZDNet, the leaked information included full names, usernames, emails, and salted and hashed passwords.
Most of the leaked user data belonged to persons with Asian names, which is consistent with the evolution of the Peatix startup, which first launched in Japan in 2011 and later expanded to Singapore in 2013, before opening to the US and other parts of the world.
ZDNet notified Peatix of a possible breach earlier this month, but we never heard back from the company. Nonetheless, Peatix went public and admitted its breach this week through a message posted on its website [PDF, archived].
The company said it has investigated the reports, identified the point of entry, and blocked the intruders from re-accessing its systems.
Peatix reassured users that no financial data was involved as all payments were handled through third-party platforms, and nothing was stored inside its database.
“In addition, based on our investigation to date, we have no reason to believe that any historical data of events in which users participated, any data obtained through our questionnaire function or users’ addresses or phone numbers were accessed,” the company said.
ZDNet also reached out to the hacker who shared Peatix’s data online, on one of the multiple hacking forums. This individual told us that they are not the persons who breached the company but that they were only leaking the data to sabotage a rival data breach broker.
Peatix is currently notifying all impacted users via email and requesting that they change account passwords.