SitePoint, an Australian learn-to-code publishing website suffered a data security incident while promoting the book Hacking for Dummies on its homepage through a third-party tool they used to monitor our GitHub account.
The incident compromised its customers' non-important information like names, email addresses, hashed passwords, etc.
Th3e site immediately changed the relevant API keys and passwords to prevent further damage.
Source: https://www.theregister.com/2021/02/05/sitepoint_hack_supply_chain/
TPRM report: https://scoringcyber.rankiteo.com/company/sitepoint
"id": "sit273622",
"linkid": "sitepoint",
"type": "Breach",
"date": "02/2021",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Education',
'location': 'Australia',
'name': 'SitePoint',
'type': 'Learn-to-Code Publishing Website'}],
'attack_vector': 'Third-Party Tool',
'data_breach': {'personally_identifiable_information': ['names',
'email addresses'],
'sensitivity_of_data': 'Low',
'type_of_data_compromised': ['names',
'email addresses',
'hashed passwords']},
'description': 'SitePoint, an Australian learn-to-code publishing website '
'suffered a data security incident while promoting the book '
'Hacking for Dummies on its homepage through a third-party '
'tool they used to monitor their GitHub account.',
'impact': {'data_compromised': ['names',
'email addresses',
'hashed passwords']},
'response': {'containment_measures': ['Changed relevant API keys and '
'passwords']},
'title': 'SitePoint Data Security Incident',
'type': 'Data Breach'}