It looks like the breach is confirmed: https://dailydarkweb.net/neighbourly-data-breach-150gb-of-user-data-and-messages-put-for-sale/ 

Given the post date (December 24th) they were pretty slow to react.

No notifications yet of a breach.

Email received from them at 00:34

We have become aware this evening of claims that Neighbourly has been affected by a data breach. Out of an abundance of caution, we have taken the site down while our external cyber security team investigates the claims, and we have notified authorities.

As you may be aware, the holiday period is a time when scammers can be particularly active as people are busy and distracted. Phishing attempts — via email, texts and calls - increase and it is important to avoid clicking on unexpected messages.

At Neighbourly we take our data privacy responsibilities extremely seriously and we will keep you updated as more information becomes available.

Ngā mihi,

The team at Neighbourly

I’m struggling to recall anyone that uses this !

Will Stuff and Trademe be the next targets given their ownership of Neighbourly.

I am not at all surprised. For months every time I tried to access via a link in an email, it would go to Safari and a notice of - This connection is not secure, would pop up and ask if it should go back or continue. 

I wrote to them twice describing the issue and they responded that they were looking into it, but this situation continued for months and now this.

Sick of these breaches and really need to have a fake persona, DOB and rubbish email for all sites that don’t really need the true facts. Have done this with many but some of the older ones like Trade Me that give you karma are difficult to change now unless you make a new account and lose it all.

Eva888: Sick of these breaches and really need to have a fake persona, DOB and rubbish email for all sites that don’t really need the true facts. Have done this with many but some of the older ones like Trade Me that give you karma are difficult to change now unless you make a new account and lose it all.

It'll be easier going forward:

michaelmurfy:

 

It'll be easier going forward:

 

{removed large image}

 

Good try, Scam Site Operator. What guarantees do we have that uploading something to that site to "check if your data have been leaked" isn't in fact a site collecting personal information for nefarious purposes?

There are very few trusted sites and services. People should be aware of this and not provide information for a random service they see on a search. Search results can be easily played, and ads show up without looking like ads.

freitasm: Good try, Scam Site Operator. What guarantees do we have that uploading something to that site to "check if your data have been leaked" isn't in fact a site collecting personal information for nefarious purposes?

It's a good thing this allows you to search breached ID's for yours to verify yourself, right? No upload required!

(also /r/woosh)

michaelmurfy:

 

freitasm: Good try, Scam Site Operator. What guarantees do we have that uploading something to that site to "check if your data have been leaked" isn't in fact a site collecting personal information for nefarious purposes?

 

 

It's a good thing this allows you to search breached ID's for yours to verify yourself, right? No upload required!

 

(also /r/woosh)

 

No, not /r/woosh. I knew what you did there, and unfortunatelly written text someone doesn't convey sarcasm or is not intepreted as sarcasm.

I'm more concerned about the ManageMyHealth hack 

Breach confirmed 

ttps://www.stuff.co.nz/nz-news/360920404/neighbourly-confirms-data-breach-affecting-user-information

Names,.address, gps,.comments and other data of some users

Passwords not compromised 

Clint

Dear Scott,



We wanted to update you with what we have uncovered in regards to the potential Neighbourly data breach which we were alerted to on Thursday January 1.

Over the past few days we have worked to understand whether our members’ data had been accessed without authorisation and, if so, the extent of the breach.

We have now confirmed that there was a breach of some data from our registered users. We are now satisfied that the breach was quickly contained, and we have restored the Neighbourly site and services.

Our investigations have shown that there was unauthorised access of Neighbourly data, which included our registered members’ names, email addresses, GPS coordinates, forum posts and member communications. It did not include passwords but some publicly advertised event and business addresses were included.

Following best practice, we will look to seek a court injunction against any use of the material.

We want to apologise to our members for this occurrence and any concerns it may have caused you over the past few days. We have, of course, addressed the issue that allowed the theft to occur, and we are satisfied that the site is secure for use by all of our members. We will work closely with all our staff to ensure we have the most robust processes in place to prevent it from happening again.

Thank you to our members who contacted us over this period and for the understanding you have shown as we work through the complex issues associated with cyber theft.



Ngā mihi,

The team at Neighbourly

At https://help.neighbourly.co.nz/hc/en-nz/articles/52524561335321-Q-A-regarding-Neighbourly-data-breach-03-01-2025 they say:

  "Our registered users’ names, email addresses, GPS coordinates, public forum posts and private messages were within the data which was accessed."

I closed my account recently.

One wonders whether any data from closed (unregistered??) accounts is included in the breach.

Might have to ask them...