Threatwatch

Hospitality exchange service Couchsurfing experiences email list mayhem

Network intrusion; Unauthorized use of system administrator privileges

‪The company’s distribution system was hacked right before messages endorsing a rival “sleep with a stranger” site were sent to many of its one million members.

The email headed "Site Improvements" appeared to prompt recipients towards the rival paid service Airbnb.

‪CouchSurfing hosts and guests do not exchange money.

“Indications are that the attempted XSRF attack (cross-site request forgery) was not successful,” the Register reports.

Couchsurfing declined to on whether the offending emails pushed maliciouscode.

In a statement on its support site, ‪the company "apologised for any confusion" the incident may have caused.

Couchsurfing said that "member data was not exposed.”

sector

Hospitality

reported

August 26, 2014

reported by

The Register

number affected

Unknown

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

August 15, 2014

date breach detected

2014-8-16