User Crowd has been compromised

Topaz

Money Making Megastar!
Joined
Mar 22, 2014
Messages
2,091
Points
293
Website
serendipitysays1.blogspot.co.uk
In case anyone hasn't had the email, this just landed in my inbox:

On the Nov 29, 2018 UTC+10 we became aware of an unusual spike in user log-ins on UserCrowd. Upon further investigation we discovered that an unknown third-party had gained unauthorised access to a number of UserCrowd accounts.

Importantly, all of the affected accounts were accessed using valid email and password combinations. This incident was not due to a breach of UserCrowd systems or a brute force attack, and UserCrowd’s database has not been breached. The attacker has attempted to log in using user credentials from previous data breaches of unrelated online services. This type of attack is only effective if your credentials have been included in such a data breach in the past and you also used the same username and password on your UserCrowd account.

When the attack was first identified we temporarily disabled all user user log-ins until the situation was understood and additional security measures were in place.

We are contacting you because your account appears to have been logged in within the last 7 days, meaning that it is possible that your account has been accessed without your permission. Note that this does not mean that your account has necessarily been accessed; it is also possible that you simply logged in to your own account in this time.

As a precaution, we have logged all devices out of your UserCrowd account. In order to regain access to your UserCrowd account you will need to reset your password by visiting UserCrowd, entering your email address, and using the password reset link that is emailed to you. We strongly recommend using a different password than you used before.

At UserCrowd we place huge importance on the security of your data and, while the above incident did not arise from a breach of our systems, we want to ensure you that we are taking all the necessary steps to prevent any similar incidents from happening again.

To mitigate these types of attacks in future we have implemented ReCAPTCHA on log-ins to detect bots.

We highly recommend using the https://haveibeenpwned.com service to check whether your email address is included in any known data breaches, and be sure to change your passwords on all services where you were using the same log in details. To protect yourself entirely from this type of attack it is recommended that you never use the same password for more than one service or account.

If you have any questions please don’t hesitate to get in touch.

Sincerely,
The UserCrowd Team
 

Petlamb

Money Making Megastar!
Joined
Nov 9, 2015
Messages
266
Points
138
Location
Gateshead
Ugh.

Also, is it just me or have the amount of tests dramatically decreased after the rebrand? I've gone from getting loads per day to never getting any at all. :(

ETA - I just logged in there and found 2 tests available! lol
 
Last edited:

LouLou42

Money Making Megastar!
Joined
Dec 25, 2017
Messages
150
Points
173
Age
43
I have had issues where I have requested a reset email after I couldnt log in but nothing appeared in any mailboxes after numerous attempts.. messaged them and have just had an email saying thanks for letting us know but it looks like the issue is sorted as you logged in a hour ago, I have replied to say that's not possible as I was nowhere near a device to log in. I think there may be an issue.. waiting on a response...
 

Members online


Amazon Discount Finder Tool

Find hidden 80%+ savings on Amazon products



 

 

 

 

 

 

 

Forum statistics

Threads
7,380
Messages
199,737
Members
11,387
Latest member
jbniche1