Threat actors hacked the popular Touchnote company

On 4th November 2015, Touchnote company received information confirming that is has been the victim of a data breach that exposed customer data.

Data breaches are becoming a daily event, the last one in the headlines it the hack suffered by the Touchnote postcard app.

Hackers have stolen customer data from Touchnote database, the popular app that is used to create postcards from pictures taken by the users. The app is very popular because is comes pre-installed on millions of handsets, nearly 4 million postcards have been sent via the Touchnote app since it was launched in 2008.

The company has already informed its customers via email, according the official statement issued by Touchnote hackers have accessed users’ personal information, including names, email and home addresses.

“On 4th November 2015 we received information confirming that Touchnote has been the victim of criminal activity, resulting in the theft of some of our customer data.

The data that was accessed included your name, email address, postal address and your Touchnote order history, registered with Touchnote does not store your full credit/debit card number, expiry date or security code. Therefore, this information was not accessed.

The data that was accessed included the last four digits of your card number (e.g. XXXX XXXX XXXX 1234) which on its own cannot be used for making financial transactions.” states the email.”

The company informed the customers that it is supporting investigation conducted by the UK’s National Cyber Crime Unit, at the time I’m writing there is no news regarding the real number of affected users.

The company highlighted that financial data was not exposed by the data breach, the hackers compromised only the last four digits from customer cards, but the firm clarified that it doesn’t store full card information (card numbers, expiration dates or security codes).

Touchnote stored passwords in an encrypted format, anyway it is recommending customers to change them.

“None of the data that may have been accessed is financially sensitive,” Touchnote said.

The company announced an improvement of its security measures.

Touchnote users are invited to carefully read the Q&A page published on the company website, other info will be provided via Twitter.

Pierluigi Paganini

(Security Affairs – Touchnote, data breach)