Gumtree 'fesses up to breach and personal information leak
Email addresses, names and phone numbers accessed, but only in Australia
UPDATE eBay's even tattier tat bazaar Gumtree says it's suffered an attack during which users' personal data was encountered by parties unknown and unauthorised.
The Register has seen multiple posts in which members of the site report receiving an email with the following text:
“We are writing to let you know that some of your Gumtree account information was compromised in a security attack last weekend,” the email said.
“The attackers accessed your email address. Contact names and phone numbers, which are made publicly available on the site if provided, were also accessed.
“Your Gumtree account password was not accessed. Payment details were also not compromised; we don't store any payment information on our site.”
The Register has asked Gumtree to explain the extent of the breach, as while the site's roots are in Australia eBay has propagated it worldwide.
If and when Gumtree responds, we'll update this story.
Gumtree's had a tough time of it lately, as it recently served the Angler exploit kit to visitors. ®
Gumtree Australia has been in touch to let us know the incident only impacted Australian users.
The statement we've been sent points out that members names and phone numbers were already public, having been made available in ads.
"Account passwords were not accessed," the statement says, adding that "The incident was resolved within minutes of discovery and was an isolated event, only impacting some Gumtree Australia accounts."
"We’ve since taken extra steps to protect user information. The affected users, privacy regulators and the Australian Federal Police have been notified."
The site also swears that "Safety and security of our community remains our number one priority and we continue to educate our users about staying safe online and identifying potential scams or phishing attempts from fraudulent parties.”