Here we go again, from the register:
Australian e-tailer digiDirect customers' info allegedly stolen and dumped online
Probably the fourth time this year my personal details has been leaked. Why can’t they at least tell us that our data has been leaked so we can monitor our online accounts,etc…..
There really needs to be a standard enforced upon these companies with annual audits of their cybersecurity. If they don't meet the standard then they can't trade until they do. This is getting ridiculous.
They also bought Booktopia a few months ago.
Edit. This is also why recently I'm starting to use the "log in via Google" option for some places because I don't trust smaller orgs with data handling at all.
How does it work? (Log in via google, facebook, etc) I mean the company will still see our name address and others details if they get hacked, right?
My understanding is it's a B2C so they shouldn't be holding any of your data. I could be wrong though
it's a system called oauth. it boils down to trusted identity providers can vouch that you're you.
you hit login with google, it hands the site a token saying "this person is xyz, i am google, here's all the other info you requested (which you'll approve before it's shared)"
But in this case (digidirect) once we log in and buy something, we need to enter our delivery addresses phone and cc.
If hacker hacks digid, they get the info? Or no?
@CyberMurning: yep, if digi gets hacked they'd get whatever info you've entered into their site. but the most important part for some people is not getting the password, which they would never have because you've logged in with a token not a username/password combo.
It’s become a point where it’s better if companies just email you if your data HASNT been leaked
“Hey 87percent, just letting you know that your data wasn’t leaked this week. From your ISP”
But we cant promise anything next week
Please keep praying as we dont give a fkking care about it
I just received an email by Google saying that my data was leaked by digidirect on the “dark web”. Nice.
@tivot Did your google result say it was from Digidirect? Or DigitDirect? I suspected it was digidirect, but my google hit says it was digit (with a t) but I've never seen/heard of digitdirect before…
Yes, it literally says
"digitdirect.com.au
Your info was in a data breach and found on the dark web on 16 Oct 2024"
I can see it here:
https://myactivity.google.com/dark-web-report/results
Yeah thats the exact same hit as mine, but I was very confused at first because I've never interacted with DigitDirect (with a T after Digi), but bought from DigiDirect over three years ago
well just in my spam folder there is an email addressed to my email address +digi extension I used. First time I've actually ever seen one of my + extensions in my spam. So consider it confirmed they've been hacked.
If taking a week for a click and collect to be ready wasn't enough of a reason to avoid DigiDirect, then this is it.
I have many reasons to avoid them this is a cherry on top.
I can also confirm my unique email for digi has started receiving spam.
Yep. My email, postal address, name, company name. All leaked. And they haven't even notified us yet. Bastards.
Isn't there a requirement for notification? It's been technically 3 weeks since the breach was first put out there. Only getting the Dark Web monitoring alert now, but surely Digi is going to have issues if they don't notify their customers.
Wonder how we get a class action going. They should pay for identity monitoring services
Got a response from Digidirect / Dodgy direct
Thank you for reaching out. I appreciate you taking the time to connect with us regarding the recent data breach involving the compromise of non-sensitive personal information from our website and I do apologise that this has occurred.
I want to clarify that the information accessed does not include sensitive data or credit card information; it includes names, email addresses, delivery addresses, phone numbers and similar such data.
As soon as we became aware of this, we engaged cybersecurity experts and relevant service providers to address the situation swiftly. The attackers are off the system now and we are performing 24/7 monitoring.
The relevant authorities, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, are collaborating with us to investigate the breach.
We suggest a few precautionary steps to help protect your information:
Change Your Passwords: Please update any passwords on the digiDirect website and for sites where you may have used the same password.
Use strong, unique passwords for each of your accounts.
We are hopeful this process will reveal to us exactly which customers have had their personal information released on the dark web. In the meantime, please don’t hesitate to contact us with anything to report.
If you have any more questions or need further assistance, please don’t hesitate to let me know.
"the compromise of non-sensitive personal information"
Name, email, address, date of birth and phone number isn't considered sensitive?
Same response from them -
"I hope you’re doing well! I wanted to take a moment to update you regarding the recent data breach.
I’m happy to inform you that the issue has been resolved, and we’ve taken all necessary steps to ensure your information is safe. I want to reassure you that no sensitive data was compromised during this incident."
Name, email, address, date of birth and phone number isn't considered sensitive?
Where did they get date of birth from?
My DOB is in my digiDirect profile. For no good reason they store your DOB.
I don't even buy from these guys anymore because they are so incompetent.
I'm ded. Just got an email from HIBP that my data was compromised.
Got an email from Google, told me my personal information was leaked on the dark web.
Until today, got nothing info from digiDirect.
And not the last time either.