Reverb, a popular online marketplace for musical instruments, has suffered a data breach incident and is now notifying its users. According to it, a database containing the PII of its customers was leaked online for a while and secured immediately after realizing it. Reverb suggested customersโ€™ change their passwords for good, as they regularly do for no reason mentioned how this had happened.

Reverb.com Disclosed Data Breach

Data Breach

Reverb is a popular marketplace for buying and selling musical instruments, even if theyโ€™re vintage. In a sudden intimation to its community, the platform on Monday started sending email notifications to its customers about a data breach incident it suffered this year.

The notification said the customersโ€™ information like their names, addresses, phone numbers, and email addresses were exposed through a database, which has been secured immediately after realizing. Assuring that no passwords or payment details are included in the breach, Reverb suggested customers update their passwords regularly as a good security practice.

While Reverb mentions no reason on how this had happened, Bob Diachenko, a security researcher, explained in his post as he discovered this even earlier. He pointed out an unsecured Elasticsearch database exposed to the internet containing 5.6 million records.

Each record has a specific listing on the Reverb website, which includes the full name, email address, phone number, mailing address, PayPal email, and listing/order data. Also, he confirmed the data leak to be genuine after confirming with some usersโ€™ @reverb email addresses and real-life profiles.

The database was secured even before he reported, so it should be safe now. But since itโ€™s still a data breach and lets a security researcher access, assuming that threat actors may have accessed and staying vigilant about potential cyberattacks is recommended.

LEAVE A REPLY

Please enter your comment!
Please enter your name here