Peatix Security Incident FAQ

Last updated: December 27, 2022

Notice

As of December 27, 2022, we are reporting the implementation status of the preventive measures described in the investigation results for the unauthorized access incident discovered on November 17, 2020.

https://announcement.peatix.com/20221227_ja.pdf

Frequently Asked Questions from Customers

Is my personal information subject to this unauthorized access incident?

Since the unauthorized extraction of personal information was due to unauthorized access by a third party between October 16 and October 17, 2020, all customers who registered their accounts before that time are subject to unauthorized extraction. Customers who registered for Peatix after October 17 are not affected. If you are unsure of your account registration date, please send your account registration email address to cs@peatix.com and we will investigate for you.

What information was extracted without authorization?

We have confirmed that the following customer information registered with Peatix was extracted without authorization:

  • Name
  • Account registration email address
  • Encrypted password
  • Account display name
  • Language settings
  • Country where the account was created
  • Time zone

We have not confirmed that payment-related information such as credit card information and financial institution account information, event participation history, data obtained through the participant survey form function, addresses, or phone numbers were extracted.

Were passwords extracted without authorization?

The information that was extracted without authorization includes encrypted passwords. To ensure the security of your account, we have invalidated the encrypted passwords and made it mandatory to reset all passwords, so we ask that users please reset their passwords. If you are using the same password used on Peatix for other services, please change your password as a precaution.

If you created an account with SNS integration, an encrypted password was never stored in Peatix’s database, so it is not subject to unauthorized extraction.

Requests to Customers:

  • If you have not yet reset your Peatix account password, please reset your password. For password reset procedures, please refer to the password reset help page.
  • If you are using the same password used on Peatix for other services, please promptly change the passwords used for other services.
  • Please be careful of spam and phishing emails. If you receive a suspicious email, do not open it, do not open its attachments, and do not click any URLs in it.

I created an account with SNS integration. Was the password for the linked SNS also extracted without authorization?

If you created an account with SNS integration, an encrypted password was never stored in Peatix’s database, so it is not subject to unauthorized extraction.

Was credit card information extracted without authorization?

We have not confirmed that credit card information was extracted without authorization.

Was the information I entered in the survey form when applying for tickets extracted without authorization?

We have not confirmed that information entered in the survey form when applying for tickets was extracted without authorization.

I want to reset my password.

Please refer to the password reset help page for password reset methods.

I want to change my account registration email address.

Please refer to the email address change help page for how to change your account registration email address.

I want to withdraw from the service.

Please refer to the account withdrawal help page for withdrawal procedures.

Note that if you have created a group/event, the “Withdraw” button will not be displayed. If you wish to withdraw, please contact cs@peatix.com.

Will users who are subject to unauthorized extraction be notified by email?

We sincerely apologize for the inconvenience and concern. We finished sending notification emails to all customers by November 24. Please also check your spam folder, as the email may have been filed there.

Frequently Asked Questions from Event Organizers

Please tell me if participants of events I organized are subject to this unauthorized access incident.

Since personal information was extracted without authorization between October 16 and October 17, 2020, all participants of events with sales deadlines before October 17, 2020 are subject to this unauthorized access incident. The maximum number of participants subject to the unauthorized access incident is the number of participants you can confirm in the organizer management screen. We apologize that we can only show the number of participants who may be affected, as the same participant may have applied for tickets multiple times.

For events with sales deadlines after October 17, 2020, there is a possibility that participants affected by this incident may be included (users who registered their accounts before October 17, 2020). We apologize that we cannot provide accurate data on the number of affected participants.

What actions should I take as an organizer?

First, please reset the password for your organizer account. The passwords confirmed to have been extracted without authorization in this incident were in a highly encrypted state. To ensure the security of your account, we have invalidated the encrypted passwords and made it mandatory to reset all passwords.

We finished sending notification emails to all customers by November 24.

If event participants contact you as an organizer regarding this matter, we would appreciate it if you could direct them to contact our office at cs@peatix.com for inquiries regarding this incident.

I am organizing an event soon. Is it safe to proceed?

We have completed addressing the vulnerabilities in this incident. In addition, to ensure the security of your account, we have invalidated the encrypted passwords and made it mandatory to reset all passwords, so we hope you can use Peatix with confidence.

Was customer information obtained through forms during ticket sales for events I organized extracted without authorization?

We have not confirmed that information entered in survey forms when applying for tickets was extracted without authorization.

Was payout information (bank account information) extracted without authorization?

We have not confirmed that organizer payout information (bank account information) was extracted through unauthorized access.

Will Peatix contact participants?

Yes, we finished sending notification emails to all customers by November 24.

Participants are asking for an explanation. Can Peatix contact the relevant participants directly?

We will respond to inquiries from participants, so please direct them to our office at cs@peatix.com for inquiries regarding this incident.