Goodwill has reportedly become the victim of a data breach that is directly impacting the users of its ShopGoodwill.com e-commerce platform.
TechRadar reports that hackers made their way into the company’s platform via an exploitable vulnerability that allowed them access to customer names, phone numbers, email addresses, and postal addresses. The larger unanswered question is how many customers the breach actually affected.
Goodwill stated that it patched the vulnerability that led to the exposure. In a letter sent to customers affected by the hack, company Vice President Ryan Smith said the silver lining in this attack is that no customer financial data was stolen.
"We were recently alerted to an issue on our website which resulted in the exposure of some of your personal contact information to an unauthorized third party,” Smith said. “No payment card information was exposed; ShopGoodwill does not store payment card information. While the third party accessed buyer contact information, they did not access your ShopGoodwill account."
Still, this is not a good look for the donation-driven company. In 2014, an estimated 868,000 credit and debit cards were compromised when the company’s computer network was infected with malware that gave hackers access to customer credit card data.
Stolen data could lead to more trouble
Although financial information wasn't included in this hack, that information that was stolen could still lead to future problems for consumers.
Hackers have been known to use stolen personal information for identity theft, which was on the rise in 2021. They could also combine the information with stolen passwords from other hacks in password spraying attacks to compromise other important accounts.
For more information on identity theft trends and statistics, check out ConsumerAffairs' guide here.