Potential Account Data Breach: QuestionPro
Hackers attempt extortion with unverified database
In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22 million unique email addresses (some of which appear to be generated by the platform) are alleged to have been extracted from the service, along with IP addresses, browser user agents, and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data has been flagged as "unverified" and may have been sourced from another location.
Of the accounts listed, approximately 150 UMBC accounts were indicated in this potential breach. The victims are being notified via their UMBC emails. If you have an account with QuestionPro, please contact them to see if you have been affected by this breach.
More information on the QuestionPro potential breach (and subsequent extortion attempts) can be seen at an article from Bleeping Computer: https://www.bleepingcomputer.com/news/security/hackers-try-to-extort-survey-firm-questionpro-after-alleged-data-theft/
If you have any questions or concerns, please email us at security@umbc.edu. Information about this potential breach was provided to us by Have I Been Pwned (HIBP): https://haveibeenpwned.com.
Tags:
Posted: August 17, 2022, 1:19 PM
