A million StreetEasy accounts hacked

The data breach includes email addresses, usernames, passwords and may include partial credit card numbers, expiration dates, and billing addresses

New York /
Feb.February 19, 2019 05:45 PM

(Credit: iStock and StreetEasy)

Now you can shop for StreetEasy user accounts on the dark web.

In an email to users Tuesday, StreetEasy said login information for accounts on the site had been hacked by an “unauthorized party” and are currently for sale on the dark web. The company said some financial information might also have been accessed in the hack.

“The stolen data includes email addresses, usernames, and encrypted passwords,” StreetEasy’s communications director, Emily Heffter, said in a statement. “In our investigation, we determined that phone numbers, the last four digits, card type, expiration dates and billing addresses of some mostly expired customer credit cards may also have been accessed.”

Heffter said the hacked information did not include full credit card numbers or CVV/CVC codes.

An unknown hacker is currently selling one million stolen StreetEasy accounts on the dark web alongside information stolen from other sites including MyFitnessPal, Houzz and ClassPass, according to reporting from Tech Crunch. It is not clear when the hack took place.

The same hacker is responsible for posting 841 million records for sale on the dark web, stolen from 30 different companies, according to the tech-news site. A review by TechCrunch did not find any financial data in the hacked information.

StreetEasy said the hacked information was stored on a 2016 database backup. In its email, the company encouraged “potentially exposed users” to reset their passwords, and to monitor their credit card accounts for unauthorized activity.

“We are taking a number of actions to strengthen our internal safeguards to protect against future attempts to gain unauthorized access to our systems,” Heffter said, but declined to comment on specific steps the company will take.

In August 2018, StreetEasy was targeted as part of an anti-Semitic hack that also targeted Snapchat, Citi Bike and the New York Times. All the sites were using maps from the third-party company Mapbox. The hacker changed the display name on their maps from Manhattan to “Jewtropolis.” The attack affected StreetEasy’s building pages, which consolidate information about properties.

The hack was identified within hours.


Related Articles

arrow_forward_ios
135 Joralemon Street in Brooklyn Heights and 48 2nd Place in Caroll Gardens (Credit: Wikipedia)

Brooklyn luxury market saw 15 contracts signed last week

Brooklyn luxury market saw 15 contracts signed last week
130 Furman Street and 296 Sixth Avenue in Brooklyn

Brooklyn’s luxury market saw 22 contracts close above $2M last week

Brooklyn’s luxury market saw 22 contracts close above $2M last week
The state of new development, according to those who build and sell it

The state of new development, according to those who build and sell it

The state of new development, according to those who build and sell it
83 1st Place in Carroll Gardens and 952 East 9th Street in Midwood (Credit: Google Maps)

Brooklyn’s luxury market saw 16 contracts above $2M signed last week of May: Stribling

Brooklyn’s luxury market saw 16 contracts above $2M signed last week of May: Stribling
REBNY president John Banks and Zillow CEO Richard Barton (Credit: iStock)

Two years after Premier Agent fracas, NYS regulators tighten rules for online ads

Two years after Premier Agent fracas, NYS regulators tighten rules for online ads
From left: Robert Reffkin, Elizabeth F. Stribling, Elizabeth Ann Stribling-Kivlan, and Compass COO Maelle Gavet; Inset, from left: Linda Maloney and Megan Scott

Two months after Compass deal, Stribling’s seeing a string of departures

Two months after Compass deal, Stribling’s seeing a string of departures
The interiors of 16 Sidney Place and 15 Willow Street in Brooklyn

Brooklyn’s luxury market saw 20 contracts close above $2M last week: Stribling

Brooklyn’s luxury market saw 20 contracts close above $2M last week: Stribling
215 Clinton Avenue and 16 Grace Court Alley in Brooklyn (Credit: Google Maps)

Brooklyn’s luxury market saw 15 contracts close above $2M last week

Brooklyn’s luxury market saw 15 contracts close above $2M last week
arrow_forward_ios

The Deal's newsletters give you the latest scoops, fresh headlines, marketing data, and things to know within the industry.

Loading...