Gumtree has been hacked with user names compromised. Personal details such as contact names and phone numbers which if provided are made publicly available on the site, were also accessed.
Passwords apparently were kept secure and Gumtree says that the breach only affects some users based in Australia, where Gumtree launched before eBay took the company worldwide.
Generally you’d only be able to see another user’s name and phone number if you were logged into Gumtree. Combining this information with email addresses could potentially be used for phishing attacks or social engineering.
Frankly, whilst it’s a PR disaster for eBay owned Gumtree, it’s not particularly worrisome for users. I’m pretty sure that most Tamebay readers know my email address (if you don’t, it’s [email protected]) and my name is no secret. My phone number is widely known too. The hackers haven’t really got any more information on Gumtree users than thousands of people already have for me.
Gumtree have said “The safety of our community remains our number one priority and we apologise that you’ve been affected by this”.
Gumtree don’t have financial details for their users as the classified site is designed primarily for in-person transactions and leaves users to arrange payments with each other.
Edited to add Gumtree UK issued the following statement:
“Gumtree UK was not affected by the security attack on Gumtree Australia. There has been no compromise of any customer information of users in the UK”.
“Gumtree Australia has assured its customers it was an isolated incident and was resolved within minutes of discovery. The affected users, privacy regulators and law enforcement have also been notified. No payment details
were comprised as Gumtree does not store any payment information on the site.”