Hey You - Data Breach

We are writing to let you know that Hey You Pty Ltd (Hey You) recently became aware of a cybersecurity incident during which an unauthorised third party was able to unlawfully access a Hey You database that contained some customer data.

We took immediate steps in response to the Incident to engage independent cybersecurity experts to conduct a forensic investigation.

The following types of information about you were included in the impacted database and were capable of being accessed:

Contact information (including name, email, address and phone number)
Hey You login details (including your Hey You password).

We hold this information on our systems as you are a current or former customer of Hey You.

Hey You does not store customer payment information such as credit card details in our systems, meaning that no payment information was capable of being accessed.

What can you do?

As a precautionary measure, Hey You has reset your account password. This means your current password has expired and you will need to set a new password the next time you use the Hey You app. You may also want to change your password where the same password and login email address are used on other platforms/accounts out of an abundance of caution.

We also recommend that you consider taking the following steps to protect yourself from potential scams:

Check your Hey You app for suspicious activity.

Be alert to any suspicious emails, SMS or telephone communications that are disguised to look like they come from someone you know or trust. Verify the legitimacy of communications by authenticating the sender. This includes checking email names and domains.

Do not open links that look suspicious. If you are unsure about a link sent to you by a company, you should go to the company’s website and look for the product or service that was offered.

Be alert to phishing scams. This could include scams that target you through post or email. Phishing scams are attempts by scammers to trick people into providing their personal information, passwords, credit card numbers and/or sensitive personal information.

You can find further information about online safety, cyber security and helpful tips to protect yourself at the Australian Cyber Security Centre or the ACCC’s Scamwatch website.

Queries
We sincerely apologise for any inconvenience caused as a result of the Incident. If you have any queries, please feel free to contact us at [email protected].

Regards,
Asheesh Chacko, CEO
Hey You Pty Ltd

While there has been no shortage of data breaches, I'm surprised Hey You were storing passwords in plain text. It seems not everyone received the email so wondering if it was only people who signed up when they were known as BeatTheQ. Anyone else get this email today?

Comments

  • +9

    We hold this information on our systems as you are a current or former customer of Hey You

    Ergh. C'mon people. Delete customer's data when you don't need it anymore… and encrypting passwords is surely security 101

    • +1

      Getting access to customer info is a data breach, even with the encrypted password field.

      • +1

        Yes - just demonstrates ineptitude

  • +5

    I'm surprised Hey You were storing passwords in plain text.

    It is what happens when you cheaply outsource app development/coding overseas :/

    • Hey at least the CEO could buy their 26th investment property.

  • add salt and hash it, not that hard..

    • Yes, that was the surprising part!

  • I have the app and credit on there, haven't been actively using it for months and didn't sign up for BeatTheQ - no email yet. Will keep an eye on it tho

  • +1

    I used it once in 2019, no email yet.

    • Looks like I last used it in 2017 for a few promos. Also no email.

  • +3

    whats hey you?

    • +1

      App that lets you pre-order from Cafes/restaurants.

      • ohh ok, must be a new thing?

        • They've been around for a while. Bit of niche app

          We’re a small team of 30+ coffee lovers! We formed in 2015 after the merger of Australian tech startups Posse, Beat the Q and eCoffee Card

          • +2

            @ihfree: yeah very very niche as no one i have spoken to knows what "Hey You" app is.

    • It's what a girl says when she is happy to hear from you.

      • +1

        … but she's forgotten your name.

      • It's what a girl says when she is happy to hear from you.

        It's what a girl says when she is happy indifferent to hear from you.

  • +2

    Another day ending in 'y' in Australia

  • +3

    More info from CyberDaily:

    A hacker is claiming to have the data of more than 100,000 customers of the order-ahead app Hey You and is offering the information for sale on a popular hacking forum.

    and as for passwords:

    The passwords are hashed using the SHA-1 hash function, though some of the hashes appear to have been previously cracked.

    • +3

      If it wasn't salted, then a rainbow table can pick up simple passwords immediately. If someone really cared they could spend the money to crack individual passwords as SHA-1 was broken about 20 years ago.

      Seems like my account had a unique password and no credit card attached, so at least nothing of value was lost.

      • thankfully I'm in the same boat as you.
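The salting point raised in the comments above, as an added example that is not part of the original thread or Hey You's code: unsalted SHA-1 gives every account with the same password the same stored value, while a per-user salt with a slow key-derivation function does not. The account names, passwords, storage format and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware

def sha1_unsalted(password: str) -> str:
    """Weak scheme as described in the quoted report: fast, unsalted SHA-1."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str) -> str:
    """Salted, slow hash stored as 'algo$iterations$salt$digest' (assumed format)."""
    salt = os.urandom(16)  # fresh random salt per account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def shared_hash_groups(rows):
    """Return groups of users whose stored hashes are byte-for-byte identical."""
    groups = {}
    for user, stored in rows:
        groups.setdefault(stored, []).append(user)
    return [users for users in groups.values() if len(users) > 1]

# Constructed sample accounts: two users picked the same password.
SAMPLE = [("alice", "coffee123"), ("bob", "coffee123"),
          ("carol", "Tr1cky-Long-Phrase")]

def demo():
    weak = [(u, sha1_unsalted(p)) for u, p in SAMPLE]
    strong = [(u, hash_password(p)) for u, p in SAMPLE]
    return shared_hash_groups(weak), shared_hash_groups(strong)

if __name__ == "__main__":
    weak_groups, strong_groups = demo()
    print("unsalted SHA-1 duplicate groups:", weak_groups)
    print("salted PBKDF2 duplicate groups:", strong_groups)
```

Identical unsalted hashes are what make precomputed tables effective: one lookup covers every account sharing that password, whereas the salted records have to be attacked one at a time at the KDF's cost.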

  • +1

    Another day, another data breach in the great country of Australia.

    • +1

      the country is irrelevant
      this happens in every country around the world.
      Our legislated minimum cyber hardening/compliance guidelines requirements are as 'lacking' as everywhere else's :)

      • issuing an email saying sorry for any inconvenience caused is so much cheaper than actually installing any level of security

        • Same reason why we send our coal and iron ore to China just to buy back renewables made from them. Cheap and easy is the way!

  • Long time user of Hey You (ever since SB.. Or was it CR.. used to give $0.50 cashback for every transaction) , although my last order was January and haven't touched it since

    No email notification… yet…

  • I used this a long time ago but haven't got this email. I have deleted the account in 2020.

  • Interesting, I didn't get an email and have been a member (and use it regularly) since ever.
    I've now changed my password.

  • Interesting. I am a member, and use it regularly but have not had any notification of this…
    However one thing, the people who did get the notification, are you registered directly with Hey You using your Email and Password? As I authenticate using my Google Account, so therefore expect they don't have access to my password then :)

    • Yeah, email and password.

  • I used Facebook federated login, which means my password is safe, from what I understand. They might have got name & phone number maybe, but that doesn't concern me very much.

    Haven't used it for a year but used a fair bit prior to that. Was a good & handy service, imho.
