Passwords have been reset for a number of Gyft users as a precaution after a trove of account data was reported for sale on an underground forum.
Krebs on Security, the blog of cyber journalist Brian Krebs, reported that the Mountain View, Calif.-based gift card website denied that its site was breached and assigned blame to a third party.
Gyft did not disclose how many accounts were affected, but an insider said the figure was a single-digit percentage of customers, Krebs reported.
Bitcoin users should take notice as Gyft has been an easy way to redeem the virtual currency at retailers. "As the Bitcoin network itself cannot be attacked in traditional ways, assailants have to take the other route by targeting services dealing with digital currency payments," according to bitcoinist.net.
Gyft currently does not employ multifactor authentication, though company founder Vinny Lingham reportedly stated the firm was considering it.