Data Breach Notification: Covve
In February of 2020, it was revealed that Covve, who bills their address book app as the “smartest, simplest, contacts app”, experienced a data breach. Covve left a database exposed to the Internet without a password. There were nearly 23 million records exposed by the site, which included email addresses, job titles, names, phone numbers, physical addresses and social media profiles. Your data might have been included in the breach even if you did not use the service, as the data was provided by users of the service who chose to sync their phone and email contact lists with the site.
There were 57 berry.edu or vikings.berry.edu email addresses included in the breach.
To find out if your information was included, you can go to Have I Been Pwned and enter your email address in the search form. You can also sign up to be notified when your information appears in a breach by clicking on “Notify Me” at the top of any page on the Have I Been Pwned site.
If your information was included, there is not much that can be done to remove it from circulation. There were no passwords exposed by the breach, but there was plenty of personal information, as mentioned above. Hackers may attempt to impersonate your contacts or you using the information. As always, be very cautious when dealing with unexpected texts or emails, especially when they contain links or attachments.
Be sure to NEVER reuse your Berry email password for any other website or service! Stay vigilant against phishing emails by learning what to look for. Check out the Phishing Quick Info page here on this site at a minimum.
As always, if you have questions about any of this, you can contact Information Security using the information on the right-hand side of any site page.
If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!
If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.
If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me.