Security breach hits DivShare, unauthorized access to its database

June 19th, 2008

The popular document and media sharing service DivShare, suffered a security breach according to a securityDivShare Logo announcement posted by DivShare’s support team earlier this week :

Late last night we were alerted of a security breach that allowed a malicious user to access our database, which included user e-mail addresses and other basic profile information. No financial information has been accessed by any unauthorized parties. We have taken extreme measures to secure the site in the last 12 hours and are currently in the process of rolling out new security precautions, which is why many files are currently unavailable. We apologize for this inconvenience and for the oversights that allowed this security breach to take place. We take the security of all data and files very seriously and are embarrassed and regretful that an intrusion was allowed to take place on our watch.

Please rest assured that no financial information whatsoever has been compromised. While we are not aware of what data has actually been accessed or copied, the database included user e-mail addresses and other data you may have saved to your profile, such as your first name. We are not aware of any files being accessed without permission, but we recommend that you change your account password and the passwords on any private folders as a security precaution.

DivShare’s courage to communicate and admit the security breach at the first place, speak for a great deal of professionalism, since the short term negative impact of the breach is worth it compared to the long term negative publicity due to the fact that a company acts like nothing ever happened.

With DivShare still unaware of the severity of the breach and what type of data was accessed besides the email addresses and the associated names, it’s stolen databases like these who act as the foundation for targeted malware attacks, spear phishing attempts, and last but not least, spam, since the email database will sooner or later find itself in the hands of spammers.

[Source: Zdnet]