Want to keep the TNW Conference vibe going?? Tickets for TNW2022 are available now >>

The heart of tech

This article was published on May 1, 2013

    Reputation.com resets all customers’ passwords as a precaution following security breach

    Reputation.com resets all customers’ passwords as a precaution following security breach
    Paul Sawers
    Story by

    Paul Sawers

    Paul Sawers was a reporter with The Next Web in various roles from May 2011 to November 2014. Follow Paul on Twitter: @psawers or check h Paul Sawers was a reporter with The Next Web in various roles from May 2011 to November 2014. Follow Paul on Twitter: @psawers or check him out on Google+.

    Another day, yet another online company has reported its systems have been compromised leading to customer information being tapped.

    Though it says it wasn’t “legally obligated” to do so, in an email to members yesterday, online reputation-management company Reputation.com informed members that it had suffered an external attack on its network, leading to some names, email and physical addresses, phone numbers, dates of birth, and occupational information being leaked.

    It also adds that a list of “highly encrypted” user passwords for a “small minority” of users was accessed. It does stress, however, that given the passwords were “salted” and “hashed”, it’s not likely these could ever be decrypted – but it has changed the password for every user as a precaution.

    Reputation.com is an online reputation management company that helps to suppress negative content in search results. It has somewhere in the region of one million users globally.

    Reputation.com is one of many online companies to have reported hacks in recent times – LinkedIn, Last.fm, Evernote, Scribd, Yahoo and, just last week, LivingSocial have all suffered attacks in the past year.

    While any kind of security compromise is clearly not a good thing, Reputation.com has done all it can retrospectively do on this occasion. It’s also offering free credit monitoring for a year to those affected.

    The full message to members can be read below:

    “April 30, 2013

    Dear [Name Redacted]:

    We are reaching out to let you know that Reputation.com recently identified, interrupted and swiftly shut down an external attack on our secure network.  Our network security personnel detected this breach shortly after it began, and took immediate steps to stop the attack before it could be completed.

    At Reputation.com, transparency and openness are part of our culture.  That’s why, although the extent of the breach and the limited kind of information accessed during this attack did not legally obligate us to provide notice to our users, we nevertheless felt it was important to let you know that this event occurred.

    It appears that of all the locations in the world where our affected users reside, only the jurisdiction of North Dakota requires us to disclose information about this incident to its residents.  However, out of an abundance of caution and due to our strong interest in transparency, we are notifying affected users, regardless of location.

    Following the attack, our engineering and security team immediately conducted an exhaustive investigation, working closely with independent security experts to determine what information may have been accessed.  We are also implementing additional security measures, beyond the high level of security that is already in place, to ensure your continued protection.

    To give you some assurance, we want to be clear what was NOT accessed:

    Financial information, such as credit card numbers or bank account information – which we do not store on our systems
    Social Security Numbers and drivers license numbers, which we do not ask for or require our users to provide (so you likely did not volunteer this information)
    Your account details, including why you retained our services
    Communication between you and our team
    Any details about the services we provided to you

    The personal information that was accessed included:

    Names
    Email and physical addresses
    In some instances, phone numbers, dates of birth, and occupational information

    Additionally, a list of highly encrypted (“salted” and “hashed”) user passwords for a small minority of our users was accessed.  Although it was highly unlikely that these passwords could ever be decrypted, we immediately changed the password of every user to prevent any possible unauthorized account access.

    Based on the type of information accessed, we do not believe it’s likely that you will experience any future issues as a result of this incident.  However, out of an abundance of caution, we are offering free credit monitoring for a year to those affected clients who request it within the next 30 days.

    Security and your privacy remain our absolute first priority.  Please do not reply to this email.  We have established a confidential assistance line; if you have additional questions, or to receive instructions on how to register for the one (1) free year of credit monitoring, professionals will be at your disposal, Monday through Friday, 8:00 a.m. E.S.T. to 8:00 p.m. E.S.T., at (866) 597-8199.  For identification purposes, please provide reference number 7373043013 when calling.

    Thank you.

    The Reputation.com Team”