Over the weekend, Auth0 experienced a DDOS/Hack that exposed email/passwords of users on their system. Then the hackers went into EarnHoney and tried to login with the stolen passwords.
This is what we are doing:
- Any accounts that had changed emails this weekend are being disabled for security.
- We are going to reset the emails, based on the information from redemptions in the last month.
- Any redemptions from these accounts will be denied, and the points awarded back to the original owner.
- High fraud, low ad demand countries would be blocked until further notice.
- Changing emails, passwords, and phone numbers will require TFA authentication.
How to prevent this from happening in the future:
- Keep your EHC password different from other applications (should do this for everything!)