Excerpt from The Bleeping Computer Article, Published on Apr 03, 2024
In a recent data security incident, SurveyLama, an online survey platform known for its rewards system, has fallen victim to a data breach, compromising the personal information of approximately 4.4 million users. The breach, which occurred in February 2024, was brought to light by the data breach alert service Have I Been Pwned (HIBP).
Owned by French company Globe Media, SurveyLama is esteemed for its lucrative payouts, swift payment processing, and various withdrawal options, attracting a significant user base. However, the breach has raised concerns regarding the security of users’ sensitive data on the platform. According to Troy Hunt, the creator of HIBP, who verified the breach independently, the compromised data includes users’ dates of birth, email addresses, IP addresses, full names, passwords, phone numbers, and physical addresses. Hunt was alerted to the breach by an affected user, prompting further investigation into the matter.
Upon contacting SurveyLama, HIBP confirmed that the platform had already informed affected users via email about the security incident. SurveyLama disclosed that the exposed passwords were stored using encryption methods such as salted SHA-1, bcrypt, or argon2 hashes, offering some level of protection against unauthorized access. However, despite encryption, passwords stored in salted SHA-1 hashes remain vulnerable to potential attacks due to known vulnerabilities associated with this encryption method. Consequently, users are strongly advised to reset their passwords on SurveyLama immediately, as well as on any other platforms where they may have used the same credentials.
Although there is no evidence to suggest that the compromised data has been publicly posted, there is a risk that it could be exploited by malicious actors if it falls into the wrong hands. Therefore, users are urged to take precautionary measures to safeguard their personal information and remain vigilant against potential cyber threats. As the investigation into the breach continues, SurveyLama and its parent company Globe Media are expected to implement enhanced security measures to prevent similar incidents in the future and regain user trust in the platform’s data protection practices.
To delve deeper into this topic, please read the full article on Bleeping Computer
