A third-party provider of Mention’s recently suffered a data breach.
Founded in 2012, Mention offers brands a media monitoring app to allow them to leverage filtered data for their overall strategies. Mention provides this service for customers such as Airbnb, Deliveroo, Microsoft and Adobe.
The Paris-headquartered firm lets clients receive monitoring data in real time and filter results for relevant data. Monitoring data can also be added to reports, CRM and live websites. The features are used by 650,000 companies on a daily basis.
July data breach revealed
Today (3 August), Mention CEO Matthieu Vaxelaire emailed users informing them of the occurrence of a data security breach involving a third-party provider. The breach occurred in July and Mention promptly reported details to the French data protection authorities.
The breach occurred at a third-party vendor used by the company in its marketing stack and Mention is one of many clients affected.
Data at risk of exposure includes names and email addresses of Mention users, as well as account profile information such as plan value, number of alerts and mentions, and the date the account was created.
Vaxelaire assured Mention clients that no payment credentials such as credit card data or wire instructions were affected. Passwords, login credentials and authentication tokens are safe.
He said: “There is no action to be taken on your side, but we recommend you to be careful with phishing scams (as always).
“Your data security is a top priority for us, and we are reviewing all our data flows to ensure your information remains absolutely safe.”
A worrying trend
Third-party breaches have become something of a trend in recent times.
The culprit behind the recent Ticketmaster breach was malware found on a customer service product supplied by a third party, Inbenta Technologies.
Luxury food retailer Fortnum & Mason fell victim to a third-party breach when response collection software Typeform was compromised.
In April, Delta and Sears customers experienced a data breach when a third-party chat software provider was hit with malware.
At the time of this incident, CyberGRX CEO Fred Kneip told Siliconrepublic.com: “A real-time assessment of third-party cyber risk has to be a part of the vetting process when companies engage with any third party, including vendors, suppliers and outsourcers.”