14 DAY TRIAL // Chocolate giant Hershey has notified an undisclosed number of customers that their personal information might have been compromised when one of the company's websites was hacked into.
In an email sent to affected individuals, Hershey notes that the security breach occurred on a website hosting consumer baking and cooking recipes.
The unidentified intruder apparently hacked into the bsite in order to replace a baking recipe with one of a competing product.
The compromised server also included user registration information like email addresses, birth dates, street addresses, and passwords.
"We have no indication that any of this consumer information was compromised; however, given the nature of this incident, we are acting out of an abundance of caution and informing you that this server was accessed," the company notes.
Hershey advises customers to change their password on its website as well as for any other accounts where they might have used the same one.
This suggests that the company was either storing the passwords in plain text form or as hashes created with an easily crackable algorithm, either scenario being a major security oversight.
No financial information was exposed as a result of this incident, but if hackers obtained personal information they might use that in an attempt to obtain more. Because of this, users are advised to be wary of unsolicited emails claiming to be from Hershey or third parties and asking for their financial details.
Any such request should be confirmed with the respective institution over the phone before complying. Am increase in general-purpose spam might also result from this data breach.
"Remember, The Hershey Company never asks you to supply or verify sensitive personal or financial information via email; only provide this type of information through a secure website. If you receive a request for this type of information, you can be confident that The Hershey Company is not the organization making the request," the company stresses.