Big Crumbs Hacked?!
#1
Original Poster
Join Date: Aug 2011
Posts: 866
Big Crumbs Hacked?!
BigCrumbs.com is currently offline while we continue to investigate possible fraudulent activity.
UPDATE - 1/29/2015 - 11:05AM EST
Dear Valued Members,
We have determined that there has been unauthorized access to a number of member accounts. The number of confirmed affected accounts as of this writing is under 200. This number may increase as we continue to investigate.
It is important to note that this does not appear to be a "hack" or site-wide breach of the type popularized in news reports of other companies. Rather, it appears to be the compromise of a limited number of accounts that utilized common or overly-simple passwords, or otherwise re-used credentials from a different site that was previously breached.
Additional Information:
There is no evidence that our servers or databases were compromised or penetrated. We continue to research this with our hosting provider.
There is strong evidence that the means of unauthorized access were enabled via:
The attacker(s) taking advantage of the use of weak or common account passwords (including accounts for which the passwords were the same as the User IDs)
The attacker(s) utilizing user account credentials gained from breaches of other sites, wherein members used those same User ID/password combinations at BigCrumbs. Such credentials are widely sold/shared by potential attackers.
The attack appears to have started on January 18, 2015, but possibly as early as December, 2014.
Unauthorized access may have potentially revealed such member information as first and last name, e-mail address, postal address, and cash back history.
It is extremely important to avoid the use of common or overly simple passwords, as well as to avoid the reuse of account credentials at multiple sites.
What we are doing:
While we are still investigating and working to identify affected member accounts, we are also in the process of reaching out to those known to be affected, as well as our members in general.
As a precaution, the BigCrumbs.com site will remain offline until we've put into place several security measures, including:
All members will need to reset their passwords upon their next sign-in attempt after the site is restored.
Password requirements will become more stringent.
BigCrumbs will not be able to pay members who have not reset their passwords. In some cases, additional verification may be required.
BigCrumbs's next scheduled payday is February 2, 2015 (because January 31st falls on a weekend). We are working to avoid delays in payment or any additional service interruption; however, securing affected accounts ahead of issuing payments is our priority. As such, there may be delays in this period's payments for the first time in BigCrumbs history.
We will update here with any additional details as they become available.
We apologize for any inconvenience to our valued members that this unfortunate incident may have caused.
Sincerely,
Vince Martin
CEO
BigCrumbs.com
#7
Join Date: Feb 2014
Location: SQSP
Programs: 1&2
Posts: 167
Update from website
UPDATE - 2/18/2015 - 11:23AM EST
We are working tirelessly to bring BigCrumbs back online and we are aggressively projecting to be back up within the next 2-3 days.
Hang in there. Won't be much longer now!
#10
Join Date: Mar 2007
Location: S Cal
Programs: AA Lifetime Plat, United Silver, Marriott Plat, IHG Plat
Posts: 1,142
The opposite might be the case. If this were my business, after such a prolonged blackout, I would consider offering a special bonus once the site is up and running again as an inducement to get my old customers back.
#15
Join Date: Feb 2009
Posts: 3,737
The new system seems a bit confusing.