In individual data breach notices published on February 3, the organizations informed users that the incident was discovered after cybercriminals started sharing databases stolen from the two companies on underground forums.
The databases – or ‘lists’, as the two companies call them – contain names, email addresses, phone numbers, encrypted passwords, and password reset tokens that are either expired or inactive.
“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company,” the announcements read.
