Data Breach Summary
In a shocking turn of events, Collect Reward, a leading customer loyalty platform dedicated to helping businesses attract and retain customers through personalized rewards programs, has become a victim of a significant security breach. On August 7, 2023, our diligent team at InsecureWeb detected this breach within the domain of CollectReward.co. It is essential to note that the breach detection date does not imply the breach occurred on that specific date. The breach involved the compromise of a database containing sensitive information from CollectReward.co. The notorious hacker known as “Cyb” claimed responsibility for the breach, publicly disclosing the stolen data on the dark web forum “onniforums.com.”
The compromised database revealed a substantial amount of critical details, totaling approximately 2.20MB of compromised information. Among the leaked data were unique identifiers (IDs), third-party login IDs (such as Facebook, Google, Apple, and Line), user emails, passwords, avatar URLs, names, birthdates, genders, contact emails, addresses, mobile numbers, and loyalty program-related data. This breach poses significant concerns about customer privacy, demanding immediate action to mitigate potential misuse and safeguard the affected individuals.
Where and How?
The breach infiltrated the fortified digital infrastructure of Collect Reward, casting a shadow over its commitment to customer loyalty. Exhaustive investigations have revealed that this breach transpired within the secretive confines of the dark web forum “onniforums.com.” Using advanced hacking techniques, the malevolent hacker Cyb infiltrated CollectReward.co’s database, specifically targeting sensitive customer data stored within their extensive repositories.
Cyb discreetly extracted and subsequently released the stolen information, exacerbating the severity of this malicious act. The compromised data, including personally identifiable information, login credentials, and loyalty-related details, necessitates robust security measures and preventative countermeasures to mitigate potential consequences and protect the affected individuals.
A Screenshot of the data can be found below:
Company Data Breach History
Until this breach, Collect Reward had maintained a commendable track record, devoid of any known history of reported security breaches. As a pioneer in the realm of customer loyalty, Collect Reward has consistently prioritized robust cybersecurity measures and stringent data protection protocols.
Although this breach presents an unforeseen setback, Collect Reward remains resolute in its commitment to enhancing its security infrastructure and addressing emerging cybersecurity challenges. By conducting comprehensive security audits, fortifying data encryption measures, and cultivating a culture of cybersecurity awareness, Collect Reward aims to regain customer trust and reinforce data protection within the loyalty landscape.
In an era dominated by evolving cyber threats, it is crucial for individuals and organizations to remain vigilant and adopt stringent cybersecurity practices. Implementing robust firewalls, advanced encryption protocols, and ongoing security assessments are paramount to safeguarding sensitive customer information and fostering a secure loyalty program ecosystem.
Recommendations for Personal Data Protection
How Users Can Protect Their Information
To protect their personal information and accounts from being compromised, users should take the following steps:
– Change their passwords frequently, with a combination of letters, numbers, and symbols.
– Enable two-factor authentication whenever possible.
– Use unique passwords for each account, to prevent hackers from accessing multiple accounts with the same password.
– Be cautious of suspicious emails or messages, as they may contain phishing links that can compromise their accounts.
– Regularly monitor their accounts for any suspicious activity.
What is InsecureWeb?
InsecureWeb is a Dark Web monitoring service that keeps track of recent data breaches and tracks their impact by monitoring the darkest places of the internet. InsecureWeb notifies users and enterprises when their data has been found online and helps them mitigate the impact.