SurveyLama exposes 4.4 million users in a data breach

SurveyLama, an online survey platform owned by French firm Globe Media, has been hit by a major data breach. The platform is known for offering high rewards, up to $20, for completed surveys, and it provides swift payments along with a variety of withdrawal options.

The breach came to light when Troy Hunt, the creator of HaveIBeenPwned (HIBP), was alerted by one of the affected SurveyLama users.

The breach compromised the sensitive information of total of 4,426,879 users. Exposed data includes:

• dates of birth,
• email addresses,
• IP addresses,
• full names,
• passwords,
• phone numbers,
• physical addresses.

The passwords exposed in the breach were stored in three forms: salted SHA-1, bcrypt, or argon2 hashes. Although these hashing algorithms add a layer of security against unauthorized use, the salted SHA-1 hashes are vulnerable to brute-force attacks. 

All affected individuals are being via email by SurveyLama, but no details are disclosed about the nature of the breach.

SurveyLama users should reset their passwords on the platform and on any other sites where they might have reused the same credentials.