Malware
Massive SurveyLama Data Breach: Shocking Exposure of 4.4 Million Users’ Private Information
A SurveyLama data breach has exposed the information of 44 million users, with email addresses, names, and hashed passwords leaked. The breach was discovered by CyberNews researchers, who found a 20GB file containing the data. Users are advised to change their passwords and enable two-factor authentication to protect their accounts.
Imagine going about your day, answering surveys for some extra cash, and then suddenly, you receive an email about a data breach. That’s exactly what happened to 4.4 million users of SurveyLama, an online survey platform that rewards users for completing surveys. Owned by French company Globe Media, SurveyLama is popular for its high payouts (up to $20), quick payments, and multiple withdrawal options.
The Data Breach: What You Need to Know
In February 2024, we learned about a data breach involving sensitive information from SurveyLama users. The types of data exposed included:
- Dates of birth
- Email addresses
- IP addresses
- Full Names
- Passwords
- Phone numbers
- Physical addresses
After being notified of the exposure by an impacted user, we independently verified the data. SurveyLama confirmed the security incident and stated that they had already emailed affected users about the breach.
What Does This Mean for You?
If you’re one of the 4,426,879 affected accounts, you should have already received an email notification from SurveyLama. However, the good news is that the exposed passwords were stored in salted SHA-1, bcrypt, or argon2 hashes form, meaning they are not directly usable in cleartext.
But don’t let that lull you into a false sense of security. Although hashing provides some protection against cracking, it’s not foolproof. Passwords protected with salted SHA-1 are particularly vulnerable to collision attacks.
What Should You Do Next?
As a precaution, you should immediately reset your SurveyLama password and change your credentials on any other platform where you might use the same login information. At this time, we’re not aware of the compromised data being posted publicly, so the exposure is currently limited.
However, if the dataset falls into the wrong hands, it could be exploited privately and eventually leak to the broader cybercrime community. To protect yourself, take action now and stay vigilant in monitoring your accounts for any suspicious activity.
Stay Informed and Stay Safe
Remember, knowledge is power when it comes to cybersecurity. The sooner you know about a breach, the better you can protect yourself. Don’t wait for the next data breach to catch you off guard. Keep coming back to our IT Services to learn more about the latest cyber threats and how to stay safe in an increasingly digital world.