Hershey.Kiss.Sad.Face.08142011

I received an unexpected email last week from the Hershey corporation. It looks like they have suffered an attack that compromised information. This attack is no where near the scale of the Sony attacks in the spring, but this could have some negative effects.

According to the email the site that was hacked contained “website registration information”, email addresses, street addresses, birthdates and passwords. As a precaution Hershey’s is recommending the following steps:

  • Vary your passwords by site
  • Use strong passwords
  • Change your passwords frequently
  • Use caution when opening email links or attachments from unknown senders

None of these steps are anything unknown to the geek community but it is good information for the less technology savvy to adhere to.

So another system was hacked, many would say that this is just standard operating procedure on the Internet. There is one last item related to this hack that can be rather problematic. On this website is the cookie recipes that Hershey offers on their website.

They did not specify which specific recipe was altered, but the user had SQL access to the databases in order to alter the recipe and download the user registration information. The email also states that no financial information was stored on the server hence, that information was not compromised.

This is just another, in what I am guessing to be, a very long line of websites that have been compromised. I know this is not the first and will most certainly not be the last company to be hacked to garner information regarding their user base.

The entire email is below:

Dear Hershey Consumer,

At Hershey, we are committed to open communications with our consumers and other stakeholders. As a result, we want to take a moment to inform you about a recent incident and the steps we took to correct it.

We recently discovered that an unauthorized individual accessed one of our websites and altered one of our baking recipes. As you know, Hershey’s recipes are built on our legacy of offering the highest-quality products for more than 100 years. Consumers rely on us for this information, and we take the quality of our baking and cooking recipes very seriously. We have corrected the issue and taken steps to enhance the security of this information. We have thoroughly investigated the situation and reviewed the recipes on this site to ensure their quality. All indications are that this incident involved only the site where we manage consumer baking and cooking recipes.

No financial information was stored on the same server as our recipes, and Hershey’s online stores operate on a different system. However, the server did contain consumer website registration information, including email addresses, birthdates and street addresses as well as passwords used to enter some of our sites.

We have no indication that any of this consumer information was compromised; however, given the nature of this incident, we are acting out of an abundance of caution and informing you that this server was accessed. We are also outlining some steps to help you ensure your security whenever you use the Internet and email.

If you used the same password on a Hershey website that you use for your email or other sensitive accounts, please consider changing those passwords as a precaution. For your security, we ask you to be especially aware of email scams that ask for personal or sensitive information.

Remember, The Hershey Company never asks you to supply or verify sensitive personal or financial information via email; only provide this type of information through a secure website. If you receive a request for this type of information, you can be confident that The Hershey Company is not the organization making the request.

The following guidelines are offered by our information security experts to help protect yourself online:

– Vary your passwords by site
– Use strong passwords
– Change your passwords frequently
– Use caution when opening email links or attachments from unknown senders

We appreciate your loyalty to The Hershey Company and regret any inconvenience this may have caused. We take this matter very seriously and have enhanced our security measures to ensure the quality of our recipes.

If you have any questions or need further assistance, please call us at 1-800-468-1714 Monday through Friday between 9 a.m. and 4 p.m. Eastern Time.

Sincerely,

Hershey Consumer Relations



Hershey.Kiss.Sad.Face.08142011

I received an unexpected email last week from the Hershey corporation. It looks like they have suffered an attack that compromised information. This attack is no where near the scale of the Sony attacks in the spring, but this could have some negative effects.

According to the email the site that was hacked contained “website registration information”, email addresses, street addresses, birthdates and passwords. As a precaution Hershey’s is recommending the following steps:

  • Vary your passwords by site
  • Use strong passwords
  • Change your passwords frequently
  • Use caution when opening email links or attachments from unknown senders

None of these steps are anything unknown to the geek community but it is good information for the less technology savvy to adhere to.

So another system was hacked, many would say that this is just standard operating procedure on the Internet. There is one last item related to this hack that can be rather problematic. On this website is the cookie recipes that Hershey offers on their website.
(more…)