SurveyLama data breach: 4.4 Million customers knowledge uncovered

Lately, Have I Been Pwned (HIBP), a data breach alerting service, issued a warning stating that SurveyLama skilled a data breach on February 1, 2024, thereby risking the publicity of confidential knowledge belonging to 4.4 million customers.

For many who don’t know, SurveyLama is a web based platform owned by Globe Media that rewards registered customers for filling out surveys. The platform is widespread for prime payouts, a number of withdrawal choices, and quick funds.

Based on the knowledge acquired by Troy Hunt, creator of Have I Been Pwned, the breach exploded knowledge associated to 4,426,879 person accounts, and the assorted knowledge varieties included are:

• Dates of start
• E-mail addresses
• IP addresses
• Full Names
• Passwords
• Cellphone numbers
• Bodily addresses

HIBP mentions:

Passwords saved as both salted SHA-1, bcrypt or argon2 hashes had been additionally compromised.

Hashed passwords can’t be used instantly however could be cracked if an individual with sure expertise has sufficient time.

One of many affected customers notified Hunt concerning the data breach, then HIBP alerted SurveyLama concerning the breach, and here’s what they did to stop additional harm:

We notified customers by e-mail by deleting their password in order that they might create a brand new one. We had been already notified of a potential leak a month or two in the past

The web survey platform talked about that it has made essential security checks and modifications to strengthen the system, however the firm doesn’t know the way the leak occurred.

The knowledge disclosed by Hunt to BleepingComputer, the compromised knowledge, has not been posted wherever to date, which means that the publicity is proscribed on the time.

SurveyLama has already knowledgeable affected customers through e-mail concerning the breach and suggested them to alter their passwords not just for the platform but in addition for all the opposite providers the place they could have used the identical credentials.

When resetting the password, one should all the time use a mixture of uppercase and lowercase letters, numbers, & particular characters, particularly for web sites that gather private knowledge.

Are you a registered person of the platform and have you ever acquired the e-mail? If that’s the case, please change the password and let our readers find out about different security measures that you just took within the feedback part under.

Srishti Sisodia

Home windows Software program Professional

Srishti Sisodia is an electronics engineer and author with a ardour for expertise. She has in depth expertise exploring the most recent technological developments and sharing her insights by informative blogs.
Her various pursuits carry a singular perspective to her work, and he or she approaches all the things with dedication, enthusiasm, and a willingness to study. That is why she’s a part of Home windows Report’s Reviewers crew, all the time keen to share the real-life expertise with any software program or {hardware} product. She’s additionally specialised in Azure, cloud computing, and AI.