SurveyLama data breach: 4.4 Million users data exposed

So far, the exposed data has not been posted anywhere, so hurry up change your password

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

SurveyLama data breach: 4.4 Million users data exposed

Recently, Have I Been Pwned (HIBP), a data breach alerting service, issued a warning stating that SurveyLama experienced a data breach on February 1, 2024, thereby risking the exposure of confidential data belonging to 4.4 million users.

For those who don’t know, SurveyLama is an online platform owned by Globe Media that rewards registered users for filling out surveys. The platform is popular for high payouts, several withdrawal options, and fast payments.

According to the information received by Troy Hunt, creator of Have I Been Pwned, the breach exploded data related to 4,426,879 user accounts, and the various data types included are:

  • Dates of birth
  • Email addresses
  • IP addresses
  • Full Names
  • Passwords
  • Phone numbers
  • Physical addresses

HIBP mentions:

Passwords stored as either salted SHA-1, bcrypt or argon2 hashes were also compromised.

Hashed passwords can’t be used immediately but can be cracked if a person with certain skills has enough time.

One of the affected users notified Hunt about the data breach, then HIBP alerted SurveyLama about the breach, and here is what they did to prevent further damage:

We notified users by email by deleting their password so that they could create a new one. We were already notified of a possible leak a month or two ago

The online survey platform mentioned that it has made necessary security checks and modifications to strengthen the system, but the company doesn’t know how the leak happened.

The information disclosed by Hunt to BleepingComputer, the compromised data, has not been posted anywhere so far, which suggests that the exposure is limited at the time.

SurveyLama has already informed affected users via email about the breach and advised them to change their passwords not only for the platform but also for all the other services where they might have used the same credentials.

When resetting the password, one must always use a combination of uppercase and lowercase letters, numbers, & special characters, especially for websites that collect personal data.

Are you a registered user of the platform and have you received the email? If so, please change the password and let our readers know about other safety measures that you took in the comments section below.

More about the topics: Cybersecurity