SurveyLama data breach: 4.4 Million users data exposed

So far, the exposed data has not been posted anywhere, so hurry up change your password

2 min. read

Published onApril 4, 2024

published onApril 4, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Recently, Have I Been Pwned (HIBP), a data breach alerting service, issued a warning stating that SurveyLama experienced a data breach on February 1, 2024, thereby risking the exposure of confidential data belonging to 4.4 million users.

For those who don’t know, SurveyLama is an online platform owned by Globe Media that rewards registered users for filling out surveys. The platform is popular for high payouts, several withdrawal options, and fast payments.

According to the information received by Troy Hunt, creator of Have I Been Pwned, the breach exploded data related to4,426,879 user accounts, and the various data types included are:

HIBP mentions:

Passwords stored as either salted SHA-1, bcrypt or argon2 hashes were also compromised.

Hashed passwords can’t be used immediately but can be cracked if a person with certain skills has enough time.

One of the affected users notified Hunt about the data breach, then HIBP alerted SurveyLama about the breach, and here is what they did to prevent further damage:

We notified users by email by deleting their password so that they could create a new one. We were already notified of a possible leak a month or two ago

The online survey platform mentioned that it has made necessary security checks and modifications to strengthen the system, but the company doesn’t know how the leak happened.

The information disclosed byHunt to BleepingComputer, the compromised data, has not been posted anywhere so far, which suggests that the exposure is limited at the time.

SurveyLama has already informed affected users via email about the breach and advised them to change their passwords not only for the platform but also for all the other services where they might have used the same credentials.

When resetting the password, one must always use a combination of uppercase and lowercase letters, numbers, & special characters, especially for websites that collect personal data.

Are you a registered user of the platform and have you received the email? If so, please change the password and let our readers know about other safety measures that you took in the comments section below.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

SurveyLama data breach: 4.4 Million users data exposed#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

SurveyLama data breach: 4.4 Million users data exposed