In case anyone hasn't had the email, this just landed in my inbox:
On the Nov 29, 2018 UTC+10 we became aware of an unusual spike in user log-ins on UserCrowd. Upon further investigation we discovered that an unknown third-party had gained unauthorised access to a number of UserCrowd accounts.
Importantly, all of the affected accounts were accessed using valid email and password combinations. This incident was not due to a breach of UserCrowd systems or a brute force attack, and UserCrowd’s database has not been breached. The attacker has attempted to log in using user credentials from previous data breaches of unrelated online services. This type of attack is only effective if your credentials have been included in such a data breach in the past and you also used the same username and password on your UserCrowd account.
When the attack was first identified we temporarily disabled all user user log-ins until the situation was understood and additional security measures were in place.
We are contacting you because your account appears to have been logged in within the last 7 days, meaning that it is possible that your account has been accessed without your permission. Note that this does not mean that your account has necessarily been accessed; it is also possible that you simply logged in to your own account in this time.
As a precaution, we have logged all devices out of your UserCrowd account. In order to regain access to your UserCrowd account you will need to reset your password by visiting UserCrowd, entering your email address, and using the password reset link that is emailed to you. We strongly recommend using a different password than you used before.
At UserCrowd we place huge importance on the security of your data and, while the above incident did not arise from a breach of our systems, we want to ensure you that we are taking all the necessary steps to prevent any similar incidents from happening again.
To mitigate these types of attacks in future we have implemented ReCAPTCHA on log-ins to detect bots.
We highly recommend using the https://haveibeenpwned.com service to check whether your email address is included in any known data breaches, and be sure to change your passwords on all services where you were using the same log in details. To protect yourself entirely from this type of attack it is recommended that you never use the same password for more than one service or account.
If you have any questions please don’t hesitate to get in touch.
Sincerely,
The UserCrowd Team
On the Nov 29, 2018 UTC+10 we became aware of an unusual spike in user log-ins on UserCrowd. Upon further investigation we discovered that an unknown third-party had gained unauthorised access to a number of UserCrowd accounts.
Importantly, all of the affected accounts were accessed using valid email and password combinations. This incident was not due to a breach of UserCrowd systems or a brute force attack, and UserCrowd’s database has not been breached. The attacker has attempted to log in using user credentials from previous data breaches of unrelated online services. This type of attack is only effective if your credentials have been included in such a data breach in the past and you also used the same username and password on your UserCrowd account.
When the attack was first identified we temporarily disabled all user user log-ins until the situation was understood and additional security measures were in place.
We are contacting you because your account appears to have been logged in within the last 7 days, meaning that it is possible that your account has been accessed without your permission. Note that this does not mean that your account has necessarily been accessed; it is also possible that you simply logged in to your own account in this time.
As a precaution, we have logged all devices out of your UserCrowd account. In order to regain access to your UserCrowd account you will need to reset your password by visiting UserCrowd, entering your email address, and using the password reset link that is emailed to you. We strongly recommend using a different password than you used before.
At UserCrowd we place huge importance on the security of your data and, while the above incident did not arise from a breach of our systems, we want to ensure you that we are taking all the necessary steps to prevent any similar incidents from happening again.
To mitigate these types of attacks in future we have implemented ReCAPTCHA on log-ins to detect bots.
We highly recommend using the https://haveibeenpwned.com service to check whether your email address is included in any known data breaches, and be sure to change your passwords on all services where you were using the same log in details. To protect yourself entirely from this type of attack it is recommended that you never use the same password for more than one service or account.
If you have any questions please don’t hesitate to get in touch.
Sincerely,
The UserCrowd Team