Evite Data Breach

The data breach monitoring service Haveibeenpwned.com has added a database dump of almost 101 million Evite users who had their information exposed when attackers gained unauthorized access to their servers.

In May 2019, Evite posted a data incident notice that disclosed an unauthorized third-party had gained access to their servers starting on February 22, 2019 and were able to access member's personal data. No financial information or social security numbers, though, were part of the breach.

"Potentially affected information could include names, usernames, email addresses, passwords, and, if optionally provided to us, dates of birth, phone numbers, and mailing addresses."

The original leaked database was being sold on the online underground market named Dream Market. This site has since been shut down, so it is not currently known where or if this larger Evite database is being sold online as well.

Due to the large amount of exposed users, anyone who has an Evite account is advised to change their password. Furthermore, if you use that same password at other sites, you should change it there as well to prevent them being used in credential stuffing attacks.