Survey rewards platform SurveyLama says it is aware of a data breach impacting the personal information of more than 4.4 million users.
The incident occurred in February but came to light this week, when the leaked information was added to the data breach notification platform Have I Been Pwned (HIBP).
According to the alert service, more than 4.4 million user email addresses were compromised in the incident, along with various types of personal information, including names, addresses, phone numbers, dates of birth, and IP addresses.
“Passwords stored as either salted SHA-1, bcrypt or argon2 hashes” were also compromised, HIBP says. Although not immediately usable, hashed passwords can be cracked with enough time and effort, potentially exposing user accounts to further compromise.
Responding to a SecurityWeek inquiry, SurveyLama said it has already prompted a platform-wide password reset to help users keep their accounts secure.
“We notified users by email by deleting their password so that they could create a new one,” the platform said.
“We were already notified of a possible leak a month or two ago,” SurveyLama revealed.
The platform also said that it does not know how the leak occurred and that it has “made security checks and modifications to strengthen our system”.
SurveyLama allows registered users to earn monetary rewards by completing surveys, promising earnings of up to $300 per month. The platform is owned by French company Globe Media.
Users should reset the password for their SurveyLama accounts as soon as possible and should also change their credentials for any other online account secured with the same email and password pair.
Related: Prudential Financial Data Breach Impacts 36,000
Related: OWASP Data Breach Caused by Server Misconfiguration
Related: Massachusetts Health Insurer Data Breach Impacts 2.8 Million