DataCamp notifies users of hack, forces password reset
On February 11, DataCamp discovered that it had been hacked. With thanks to “Russy” for sending this along, the following is DataCamp’s update on the situation, posted today by Robert Cabral:
On Monday, February 11, 2019, we discovered that some user data was exposed by a third party who gained criminal unauthorized access to one of our systems.
What has DataCamp done?
We are still investigating the precise causes and are retaining a leading digital forensics and security firm to assist us in the work being conducted by our internal security team. We will be notifying the data protection authorities.
We are taking steps to protect our users, including the following:
- We have notified the users we believe were affected or potentially affected via email.
- Out of an abundance of caution, we are logging out all DataCamp users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords and prompting them to reset their passwords.
- We continue to monitor for suspicious activity and to make enhancements to our systems to detect and prevent unauthorized access to user information.
Has DataCamp notified affected users?
Yes, we have notified by email the users we believe were affected or potentially affected.
What kind of data was affected?
A subset of DataCamp users were affected. The following information may have been exposed:
- Personal information
- Email address
- Optional information including location, company, biography, education, picture
- Account information
- Hashed passwords using bcrypt
- Creation date
- Last sign in date
- Sign in IP address
Was my payment information compromised?
We do not store credit card data and thus do not believe credit card or Paypal data were affected.
Was my account affected?
Our investigation is ongoing, but we believe that while some DataCamp users were affected, the majority were not. You would have received an email from the DataCamp team prompting you to reset your password if we believe you were affected.
Even if you were not affected, you can certainly reset your password or email our support team directly at [email protected] with additional questions.
How can I reset my password?
Should I also reset my password for other DataCamp or connected accounts?
It is generally a best practice to regularly change and not reuse the same password across multiple services or multiple accounts. We recommend that people change their passwords if they are doing so.
How do I delete my account and all of my data from DataCamp?
Note: This action cannot be undone. Deleting your account will delete your entire account and all data associated with it.
Your account can be deleted directly from your account settings, once logged into DataCamp. More information can be found in our ‘Delete your Account’ Help article.
What is being done to make sure this does not happen again?
Our investigation is ongoing. We will continue to work both internally and with our outside experts to gain a better understanding of what happened and take further action as needed. Our efforts to protect our users and prevent this type of incident from happening in the future are our top priority.