Catch of the Day hacked, waited three years to disclose

Last Friday, daily deal website Catch of the Day alerted customers that its security had been compromised, revealing names, delivery addresses, email addresses, encrypted passwords, and in some cases, credit cards. But this breach wasn't a recent occurrence; it happened in early May 2011.

By Alex Choros

In an email sent to customers, the retailer said it took adequate action at the time. "We immediately informed police, banks and credit card companies who assisted us in taking action to protect our users, which included cancelling credit cards and launching investigations into the perpetrators." The email did not clarify why the organisation waited so long to inform its customers.

In May 2011, when the breach occurred, there was heavy speculation that James Packer was looking at investing $40 million in the organisation. On May 23, Catch of the Day received an $80 million investment from a consortium led by James Packer and Andrew Bassat. The investment was the largest in Australia's ecommerce sector, and valued the online retailer at $200 million.

Catch of the Day cited "technological advances" as the reason for now disclosing the hack. "There is an increasing risk that those hashed passwords may become compromised, which is why we are asking all those users with accounts created before 7 May 2011 to change their passwords."

Catch of the Day advises anyone who has not changed their password on catchoftheday.com.au since May 2011 to change it immediately. Individuals using the same password on other websites should change it on those too.

Sources: Email, Business Spectator, Smart Company
