Neighbourly has confirmed a data breach affecting some of its registered users after unauthorised access to its systems on New Year’s Day.
In an update to members, Neighbourly confirmed some user data was accessed and said the breach was contained and the site and its services have been restored.
“Over the past few days we have worked to understand whether our members’ data had been accessed without authorisation and, if so, the extent of the breach,” a spokesperson said.
Neighbourly is owned by Stuff Limited, which also owns stuff.co.nz with TradeMe.
The site’s members use it to interact on community issues such as local events, crime and safety, council issues, neighbourhood watch, babysitting and lost pets.
The investigation showed unauthorised access to certain categories of data held by the platform, the spokesperson said.
This included registered users’ names, email addresses, GPS coordinates, public forum posts and private member communications.
However, the company said passwords were not accessed. Some publicly advertised events and business addresses were also included in the data that was accessed.
Neighbourly said it had addressed the issue that led to the breach and was satisfied the platform is secure for members to use.
“We are now satisfied that the breach was quickly contained and we have restored the Neighbourly site and service.”
As a precaution, Neighbourly said it would seek a court injunction to prevent any use of the material that was accessed.
The company apologised to its members for the incident and for any concern caused while investigations were underway.
“We want to apologise to our members for this occurrence and any concerns it may have caused you over the past few days.
“We will work closely with all our staff to ensure we have the most robust processes in place to prevent it from happening again.”
Neighbourly also issued advice to users on steps they can take to protect themselves after the breach, warning that scammers are particularly active at this time of year.
Members were advised to remain alert to unusual phone calls, emails, or text messages, particularly those that request personal information or create a sense of urgency.
The company recommended users avoid clicking links in emails and instead type web addresses directly into their browsers to ensure they are visiting legitimate sites.
Users are also encouraged to enable two-factor authentication, where available, to add an extra layer of security.
Neighbourly thanked members who contacted the company during the outage and said it appreciated their patience while the “complex issues associated with cyber theft” were addressed.
Neighbourly confirmed its website and services are now fully operational.