Gyft, a mobile app that allows users to buy, sell, send, and receive gift cards notified users on February 4 that it had been hacked by an unknown person. On a Web site dedicated to helping users, the company said the data breach may have been going on for some time.
Beginning on October 3 and continuing through December 18, 2015, an unknown party accessed without authorization two cloud providers used by Gyft. This unknown party was able to view or download certain Gyft user information stored with these cloud providers and make a file containing some of that user information.
The company said that no credit card information was stolen, and that it was forcing users to change their passwords. The company, which also accepts bitcoins for payments, says that users who pay with a Coinbase account should review their transactions. It also said that all users should monitor cards that were in their Gyft accounts before January 8.
Overview by Ben Jackson, Director, Prepaid Advisory Service at Mercator Advisory Group
Read the email here
Read Gyfts FAQ for users here