P2021-ND-290

Omaze, Inc.

On October 8, 2020, the Organization was notified by the Federal Bureau of Investigation that it had potentially been subject to a cyber-attack, and a database of what was purported to be the Organization?s user data was available on a sharing and marketplace forum. The Organization reported that it appears the records were posted to the forum on July 19, 2020. The Organization identified that the posted database contained two datasets of purported user information, which appeared to have been obtained from a legacy database hosted in a cloud environment provided by Amazon Web Services (AWS). The Organization believes that the intruders obtained credentials for one of its employees, and exploited those credentials to access the database.

Categories: 2021
Tags: Unauthorized access