SurveyLama, a French online survey platform, suffered an attack exposing the data of more than 4 million users


Mélina LOUPIA

April 4, 2024 at 2:21 p.m.


More than 4 million users have had their personal data siphoned © Chim / Shutterstock


The data breach was reported by Have I Been Pwned, an app that warns users that their personal data has been hacked.

Data breach alert service Have I Been Pwned (HIBP) has revealed a major data breach involving SurveyLama, an online platform that rewards users for responding to surveys, like Lifepoints. This breach, which occurred in February 2024, exposed the sensitive data of 4.4 million users.

A proper hack

The cyberattack was first reported by Troy Hunt, the creator of HIBP. The information exposed includes dates of birth, email addresses, IP addresses, full names, passwords, phone numbers and physical addresses. Troy Hunt confirmed the authenticity of the data after being informed of the breach by an affected user.

We all expose our personal data, even just by browsing the Internet. But exactly what information are we throwing away to hackers? Clubic has taken stock for you in a file.

SurveyLama, owned by French company Globe Media, was contacted by HIBP and confirmed the security incident. Platform spokespersons said they had already informed affected users by email. The dataset, which contains information on 4,426,879 accounts, has been added to HIBP, meaning affected users should have already received an email notification.

Do we really know what personal data we share?  © Tapati Rinchumrus / Shutterstock


Users prompted to change their password

SurveyLama said the exposed passwords were stored as salted SHA-1, bcrypt or argon2 hashes, meaning they are not directly usable as plaintext. However, while hashing adds some resistance to hacking, it is not immune to brute forcing. Passwords protected with salted SHA-1, which has known vulnerabilities, are particularly susceptible to collision attacks. This is because SHA-1 is a specific hash function. Salting is added so that identical passwords do not all produce the same hash value.
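For a site holding the same mix of schemes, the sketch below shows what salting does and how a legacy salted SHA-1 record can be replaced at the user's next successful login. It is an added example, not code from the article or from SurveyLama: the record formats and function names are assumptions, and PBKDF2 from the Python standard library stands in for bcrypt or argon2 so that it runs without third-party packages.

```python
import hashlib
import hmac
import os

# Assumed record formats (constructed for this example, not SurveyLama's):
#   legacy : sha1$<salt hex>$<sha1(salt + password) hex>
#   target : pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>
ITERATIONS = 600_000  # work factor; tune to your own hardware

def classify(stored: str) -> str:
    """Name the scheme of a stored hash from its prefix."""
    if stored.startswith("$argon2"):
        return "argon2"
    if stored.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if stored.startswith("pbkdf2_sha256$"):
        return "pbkdf2"
    if stored.startswith("sha1$"):
        return "salted-sha1"
    return "unknown"

def legacy_sha1(password: str, salt: bytes) -> str:
    """One SHA-1 pass over salt + password: a different salt gives a different record."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"

def pbkdf2(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """Deliberately slow derivation with the work factor stored in the record."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"

def verify(password: str, stored: str) -> bool:
    """Constant-time check for the two schemes this example implements."""
    kind, parts = classify(stored), stored.split("$")
    try:
        if kind == "salted-sha1" and len(parts) == 3:
            expected = legacy_sha1(password, bytes.fromhex(parts[1]))
        elif kind == "pbkdf2" and len(parts) == 4:
            expected = pbkdf2(password, bytes.fromhex(parts[2]), int(parts[1]))
        else:
            return False  # bcrypt/argon2 records need their own libraries
    except (ValueError, OverflowError):
        return False  # malformed salt or iteration count
    return hmac.compare_digest(expected.encode(), stored.encode())

def login(password: str, stored: str) -> tuple[bool, str]:
    """Verify a login; on success, replace a legacy SHA-1 record with a fresh one."""
    if not verify(password, stored):
        return False, stored
    if classify(stored) == "salted-sha1":
        return True, pbkdf2(password, os.urandom(16))
    return True, stored
```

The second value returned by `login` is the record to write back to the database, so legacy hashes disappear as users sign in; accounts that never log in again still hold the old record and need a forced reset.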

Accordingly, SurveyLama account holders are advised to immediately reset their passwords on the service and on any other platforms where they use the same credentials. Indeed, too many users have the annoying habit of logging in to different sites with the same, easily memorized password. Clubic shows you how to set a strong password to limit hacking of your personal data.

Finally, and this is a lesser evil for users whose personal data has been siphoned off, Troy Hunt told Bleeping Computer that he did not know whether the compromised data had been publicly released, which currently limits exposure.

Have I Been Pwned


  • Have I Been Pwned is a free app that provides a quick and easy way to check if your email address or password has been compromised in a data breach.
  • The data breach notification feature is very useful for users who want to be informed quickly if their email address has been compromised in a data breach.
  • The app is regularly updated with new data to ensure users have the latest breach information.

Have I Been Pwned is a web application to check if your data has been compromised in data breaches. It is easy to use and is updated regularly to ensure the security of your personal information.


Sources: Bleeping Computer, Have I Been Pwned

Mélina LOUPIA


Ex-corporate journalist, the world of the web, networks, connected machines and everything that is written on the Internet whets my appetite. From the latest TikTok trend to the most liked reels, I come from the Facebook generation that still fascinates the internal war between Mac and PC. As a wise woman, the Internet, its tools, practices and regulation are among my favorite hobbies (that, lineart, knitting and bad jokes). My motto: to try it is to adopt it, but in complete safety.





