Gyft Notifies Users of Data Breach
Gyft, a company that allows users to buy, send and manage gift cards, announced on Friday that they are investigating a security incident. From October 3 to December 18, 2015, an unauthorized party accessed two of Gyft’s cloud providers and was able to view and download information from these servers. The unauthorized party was also able to make a file containing the user information.
The company said they began an investigation immediately upon learning about the breach, and are trying to determine what information was accessed.
Potentially breached information includes names, contact information, birth dates and gift card numbers. It is possible these gift cards have been used to make unauthorized purchases.
Gyft log-in information may also have been stolen, which means any person with these credentials could access a user’s Gyft account to use any gift cards with unused balances, reward points or a Coinbase-enabled account to purchase gift cards.
At this time, it does not appear as if anyone has accessed Gyft accounts to make unauthorized purchases.
No stored credit card numbers were compromised, as full credit card numbers are not visible on Gyft accounts. Also, all credit card purchases on Gyft require entering the card’s security code.
To protect customers, affected users were required to reset their passwords. Gyft recommends all users change their passwords, including those for any online accounts with the same password as their Gyft account. Users should also review any Coinbase transactions since October 2015. Any gift cards purchased before January 8, 2016 should also be monitored.