SurveyLama data breach: 4.4 Million users data exposed

So far, the exposed data has not been posted anywhere, so hurry up change your password

News

Reading time icon 2 min. read

Calendar icon Published on

by Srishti Sisodia 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

SurveyLama data breach: 4.4 Million users data exposed

Recently, Have I Been Pwned (HIBP), a data breach alerting service, issued a warning stating that SurveyLama experienced a data breach on February 1, 2024, thereby risking the exposure of confidential data belonging to 4.4 million users.

For those who don’t know, SurveyLama is an online platform owned by Globe Media that rewards registered users for filling out surveys. The platform is popular for high payouts, several withdrawal options, and fast payments.

According to the information received by Troy Hunt, creator of Have I Been Pwned, the breach exploded data related to 4,426,879 user accounts, and the various data types included are:

  • Dates of birth
  • Email addresses
  • IP addresses
  • Full Names
  • Passwords
  • Phone numbers
  • Physical addresses

HIBP mentions:

Passwords stored as either salted SHA-1, bcrypt or argon2 hashes were also compromised.

Hashed passwords can’t be used immediately but can be cracked if a person with certain skills has enough time.

One of the affected users notified Hunt about the data breach, then HIBP alerted SurveyLama about the breach, and here is what they did to prevent further damage:

We notified users by email by deleting their password so that they could create a new one. We were already notified of a possible leak a month or two ago

The online survey platform mentioned that it has made necessary security checks and modifications to strengthen the system, but the company doesn’t know how the leak happened.

The information disclosed by Hunt to BleepingComputer, the compromised data, has not been posted anywhere so far, which suggests that the exposure is limited at the time.

SurveyLama has already informed affected users via email about the breach and advised them to change their passwords not only for the platform but also for all the other services where they might have used the same credentials.

When resetting the password, one must always use a combination of uppercase and lowercase letters, numbers, & special characters, especially for websites that collect personal data.

Are you a registered user of the platform and have you received the email? If so, please change the password and let our readers know about other safety measures that you took in the comments section below.

More about the topics: Cybersecurity

Srishti Sisodia

Srishti Sisodia Shield

Windows Software Expert

Srishti Sisodia is an electronics engineer and writer with a passion for technology. She has extensive experience exploring the latest technological advancements and sharing her insights through informative blogs. Her diverse interests bring a unique perspective to her work, and she approaches everything with commitment, enthusiasm, and a willingness to learn. That's why she's part of Windows Report's Reviewers team, always willing to share the real-life experience with any software or hardware product. She's also specialized in Azure, cloud computing, and AI.