SurveyLama, an online survey platform that pays users for completing third-party surveys, has suffered a massive data breach affecting 4,426,879 users. The breach exposed the personal data of users, including:
- Email address
- Phone number
- Full name
- Date of birth
- IP address
- Physical address
- Hashed passwords (stored in salted SHA-1, bcrypt, and argon2 hash forms)
The hack was first discovered at the beginning of February by Troy Hunt, the creator of Have I Been Pwned (HIPB), a data breach alerting service. In addition, Hunt reached out to SurveyLama, which confirmed that it had already notified users through the email they used to register an account.
SurveyLama has acknowledged the breach and notified the affected users by email:
“We were already notified of a possible leak a month or two ago,” SurveyLama reported. Though it doesn’t know how the data breach occurred, it has “made security checks and modifications to strengthen [their] system.”
So far, the stolen data has not appeared on any dark web sites and has yet to be made public. So, it’s not too late to protect your information if you are one of the impacted users. Here’s what SurveyLama and cybersecurity experts suggest:
- Change your SurveyLama password immediately
- Reset login details and credentials for any websites that use the same email or password as your SurveyLama account
- Ignore suspicious emails, texts, and calls that may be from malicious actors
Surveylama is an online paid survey site. Every day users are offered to participate in paid surveys, and at the end of their participation, they receive LamaPoints (LP). These LamaPoints (LP) are redeemable for Paypal transfers and Amazon gift vouchers. The site also hosts contests, challenges, and other ways that users can win prizes. Surveylama collects personal information through a series of questions when a user registers an account, and then it sends the user surveys.