Massive SurveyLama Data Breach Affects Millions of Users

Paige Henley
Paige Henley Editor
Published on: April 9, 2024
Paige Henley Paige Henley
Published on: April 9, 2024 Editor

SurveyLama, an online survey platform that pays users for completing third-party surveys, has suffered a massive data breach affecting 4,426,879 users. The breach exposed the personal data of users, including:

  • Email address
  • Phone number
  • Full name
  • Date of birth
  • IP address
  • Physical address
  • Hashed passwords (stored in salted SHA-1, bcrypt, and argon2 hash forms)

The hack was first discovered at the beginning of February by Troy Hunt, the creator of Have I Been Pwned (HIPB), a data breach alerting service. In addition, Hunt reached out to SurveyLama, which confirmed that it had already notified users through the email they used to register an account.

SurveyLama has acknowledged the breach and notified the affected users by email:

“We were already notified of a possible leak a month or two ago,” SurveyLama reported. Though it doesn’t know how the data breach occurred, it has “made security checks and modifications to strengthen [their] system.”

So far, the stolen data has not appeared on any dark web sites and has yet to be made public. So, it’s not too late to protect your information if you are one of the impacted users. Here’s what SurveyLama and cybersecurity experts suggest:

  • Change your SurveyLama password immediately
  • Reset login details and credentials for any websites that use the same email or password as your SurveyLama account
  • Ignore suspicious emails, texts, and calls that may be from malicious actors

Surveylama is an online paid survey site. Every day users are offered to participate in paid surveys, and at the end of their participation, they receive LamaPoints (LP). These LamaPoints (LP) are redeemable for Paypal transfers and Amazon gift vouchers. The site also hosts contests, challenges, and other ways that users can win prizes. Surveylama collects personal information through a series of questions when a user registers an account, and then it sends the user surveys.

About the Author
Paige Henley
Published on: April 9, 2024

About the Author

Paige Henley is an editor at SafetyDetectives. She has three years of experience writing and editing various cybersecurity articles and blog posts about VPNs, antivirus software, and other data protection tools. As a freelancer, Paige enjoys working in a variety of content niches and is always expanding her knowledge base. When she isn't working as a "Safety Detective", she raises orphaned neonatal kittens, works on DIY projects around the house, and enjoys movie marathons on weekends with her husband and three cats.