SurveyLama, a platform for conducting paid surveys, has experienced a significant data breach affecting millions of its users.
The breach, which took place on February 1, 2024, was confirmed by Have I Been Pwned (HIBP), a widely recognized service created by cybersecurity expert Troy Hunt, designed to inform users if their personal data has been compromised.
The data breach at SurveyLama resulted in the exposure of approximately 4.4 million customer email addresses. However, the extent of the breach goes beyond just email addresses. According to the details shared on Have I Been Pwned, the compromised information covers a wide array of personal data: names, physical and IP addresses, phone numbers, dates of birth, and passwords.
The passwords were stored using various hashing methods (salted SHA-1, bcrypt, or argon2 hashes), indicating the platform's effort to secure user passwords with contemporary cryptographic techniques. Despite these measures, the breach's magnitude and the sensitivity of the data involved make it a severe incident.
Troy Hunt was alerted to the breach and took steps to independently verify the data's authenticity before reaching out to SurveyLama. In response, the platform confirmed the breach and informed him that they had already taken the initiative to notify affected users via email.
The breach was added to HIBP's database on April 2, 2024. With 4,426,879 compromised accounts and highly sensitive personal data exposed, the breach presents substantial risks to affected users, ranging from identity theft to phishing attacks.
For members of the platform, the incident serves as a reminder of the need for practicing good data hygiene, such as using unique, strong passwords for different services and being cautious about the personal information shared online.
Affected users are advised to heed SurveyLama's notifications and take proactive steps to protect their data. These steps include changing their passwords, especially if the same password was used on multiple platforms, monitoring their accounts for unusual activity, and being vigilant for phishing attempts that may exploit the breach.
This incident also reinforces the value of services like Have I Been Pwned, offering users a way to check if their information has been compromised in this or any other publicly disclosed data breach.