DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

How sweet it isn’t: Hershey notifies some web site users of a hack

Posted on August 3, 2011 by Dissent

A reader sent in this breach notification he received yesterday. Stay with it because although it starts out talking about the security of their recipes and how important accuracy is to them, eventually they get around to notifying people that their names, dates of birth, street and e-mail addresses, and passwords may have been accessed by the hacker(s) who altered a recipe:

From: Hershey Consumer Relations
do_not_reply-at-hersheys.com
Date: Tue, Aug 2, 2011 at 7:09 PM
Subject: An Important Message from The Hershey Company
To: [redacted]

Dear Hershey Consumer,

At Hershey, we are committed to open communications with our consumers and other stakeholders. As a result, we want to take a moment to inform you about a recent incident and the steps we took to correct it.

We recently discovered that an unauthorized individual accessed one of our websites and altered one of our baking recipes. As you know, Hershey’s recipes are built on our legacy of offering the highest-quality products for more than 100 years. Consumers rely on us for this information, and we take the quality of our baking and cooking recipes very seriously. We have corrected the issue and taken steps to enhance the security of this information. We have thoroughly investigated the situation and reviewed the
recipes on this site to ensure their quality. All indications are that this incident involved only the site where we manage consumer baking and cooking recipes.

No financial information was stored on the same server as our recipes, and Hershey’s online stores operate on a different system. However, the server did contain consumer website registration information, including email addresses, birthdates and street addresses as well as passwords used to enter some of our sites.

We have no indication that any of this consumer information was compromised; however, given the nature of this incident, we are acting out of an abundance of caution and informing you that this server was accessed. We are also outlining some steps to help you ensure your security whenever you use the Internet and email.

If you used the same password on a Hershey website that you use for your email or other sensitive accounts, please consider changing those passwords as a precaution. For your security, we ask you to be especially aware of email scams that ask for personal or sensitive information.

Remember, The Hershey Company never asks you to supply or verify sensitive personal or financial information via email; only provide this type of information through a secure website. If you receive a request for this type of information, you can be confident that The Hershey Company is not the organization making the request.

The following guidelines are offered by our information security experts to help protect yourself online:

– Vary your passwords by site
– Use strong passwords
– Change your passwords frequently
– Use caution when opening email links or attachments from unknown senders

We appreciate your loyalty to The Hershey Company and regret any inconvenience this may have caused. We take this matter very seriously and have enhanced our security measures to ensure the quality of our recipes.

If you have any questions or need further assistance, please call us at 1-800-468-1714 Monday through Friday between 9 a.m. and 4 p.m. Eastern Time.

Sincerely,

Hershey Consumer Relations

I called Hershey earlier today to try to get some additional information as to when the hack occurred, how many people have been notified, and whether the passwords were stored in plain text, but they did not return the phone call by the time of this publication.


Related:

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Two more entities have folded after ransomware attacks
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Bitcoin holds steady as hackers drain over $40 million from CoinCDX, India's top exchange
Category: Breach IncidentsBreach TypesBusiness SectorHack

Post navigation

← BSNL, India’s largest telco breached
Flanders Music & Belgian jazz meeting data leaked by @NetBashers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app
  • Au: Qantas hackers gave airline 72-hour deadline
  • Honeywell vulnerability exposes building systems to cyber attacks
  • Recent public service announcements of note — parents should take special note of these
  • Au: Junior doctor faces fresh toilet spying charges as probe widens to other major hospitals

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.