Cyber Incident Victim: modaco.com
Date:
Jan 2016
Location:
United Kingdom
Summary
A mobile review website experienced a data breach involving up to 875,000 user accounts, with compromised information including email and IP addresses, usernames, and hashed passwords. The incident stemmed from a compromised administrator account, prompting the organization to implement security measures to prevent future breaches and collaborate with its CMS provider on additional mitigations. Users expressed dissatisfaction upon learning of the breach through third-party sources rather than direct notification, with some forum members seeking to delete inactive accounts but encountering difficulties due to the platform's account management limitations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In September 2016, smartphone news and reviews website MoDaCo publicly acknowledged a data breach involving unauthorized access to user information. The breach, initially reported by third-party service HaveIBeenPwned, exposed email addresses, IP addresses, usernames, and hashed passwords for approximately 875,000 user accounts. Forensic analysis indicated the intrusion likely occurred in January 2016 through the compromise of an administrator account, which provided attackers with system access. Founder Paul O'Brien confirmed the incident while emphasizing efforts to contain its impact, noting the compromised credentials did not include plaintext passwords. The stolen data subsequently appeared in public online dumps, though specific distribution channels or threat actors were not identified in disclosures.
MoDaCo implemented immediate containment measures by disabling the compromised administrator account vector to prevent recurring access through this method. The organization collaborated with its content management system provider to develop additional security mitigations against similar future attacks. User backlash emerged on MoDaCo forums as members reported discovering the breach via external sources rather than direct notification from the company. Forum discussions revealed attempts by inactive users to delete obsolete accounts, complicated by account retention policies or technical limitations. ESET security specialist Mark James documented these frustrations, observing that the delayed disclosure amplified user concerns about data control and transparency. No financial, legal, or operational consequences beyond reputational damage and user complaints were detailed in available reports.