Touchnote postcard app suffers data breach Published duration 6 November 2015

image copyright Touchnote image caption The Touchnote app turns smartphone snaps into postcards

Hackers have stolen customer data from Touchnote which makes an app that lets people turn a photo taken on a phone into a postcard.

The company has sent an email to customers hit by the breach informing them that data has been stolen.

In a statement, Touchnote said names, email and home addresses were taken in the attack.

It said it was still investigating the breach and, so far, was not sure how many customers had been affected.

About 4 million postcards are believed to have been sent via the app since it was launched in 2008. The app is pre-installed on millions of handsets.

Only identity information rather than passwords and payment card information was stolen in the attack, it said, which was first discovered on 4 November.

"None of the data that may have been accessed is financially sensitive," it said.

The UK's National Cyber Crime Unit is helping with the investigation.

In its explanatory email, Touchnote said useable payment information was not revealed because it only stored the final four digits of credit and debit cards used via the site.

As far as it was aware, it said, passwords had not been revealed either because these are stored using security techniques that make them difficult to decrypt.

Despite this, Touchnote advised users to change the password they use for the service. The sheer number of people attempting to do this made the site hard to reach on Friday afternoon.

Touchnote said further updates would be accessible via its official Twitter feed . The company has yet to issue an official statement about the breach.