Chit Chats considers security a top priority for our clients. Late in September, we discovered unauthorized attempts to access some client accounts. Our team immediately launched an investigation and took action to block unauthorized attempts. We also took additional steps by enhancing security measures across our platform to prevent this from happening in the future.
What information was involved
Unauthorized access was gained using the correct username and password. There was no access to client credit card information as that is not stored on our site. The type of information gained may have included:
- shipment addresses and history
- passwords associated with the account
Accounts with easily guessed passwords, and passwords that have been or are being used on other services, were the most vulnerable. Examples include using ‘password’ or ‘1234’, or using the same easily guessed password for many accounts (e.g. email, banking, online streaming, etc.).
If you notice any suspicious activity on your account, such as postage purchases, please request a refund for these shipments immediately and contact us directly. These types of attacks happen on a daily basis to other sites and even to us. This is a serious reminder that you should never share the same password between multiple services and should always use a strong password.
What steps we’ve taken
- We reset client account passwords to prevent further unauthorized access
- A captcha was added to the sign-in page to identify non-human access
- An extended waiting period now applies after numerous failed login attempts
- Strong password criteria: all passwords must now include a number, symbol and capital letter.
Find further tips on password security in our Help & Support.