Ozon Company over 450 e-mails and user passwords leaked. This happened in the winter, but it became known only now. At the same time, Ozon says that part of the data has βleftβ from third-party sites.
The database with the records was published the other day, it was posted on a site specializing in personal data leaks. Checking through Email Checker showed that the logins are up-to-date, but the passwords are no longer there. At the same time, the base was an amalgamation of two others that were posted on hacker forums back in 2018.
It is assumed that this is when the data was stolen, since Ozon CTO Anatoly Orlov announced last year the introduction of hashing for passwords. This ensures that they cannot be restored. And before that, there were reports on the Web about hacking Ozon accounts, but then the company βtransferred arrowsβ to the users themselves.
The press service of the store said they saw the database, but assured that the information in it was "quite old." According to a company representative, users set the same password on different services, and therefore the data could be stolen. Another version was a virus attack on computers.
The company said that they immediately "reset the passwords of those accounts from the list that belonged to Ozon users." At the same time, security experts claim that the base could have been βleakedβ by an employee of the company. In addition, incorrect configuration of the external server is not ruled out. And passwords could be stored in clear text, which is often found even in the largest companies. However, to prove the viability of any version at the moment is very difficult.
Source: 3dnews.ru