Has anyone else just received a ton of emails from BrandRoot? I just got over 30 emails stating my account was closed, but the emails also reference other users' accounts. Am I the only person who received emails like this?
Cloudflare is anti-DDoS protection. It does not protect against validation flaws, SQL injection attacks, etc. I hope you realize that.
I hope nobody reuses the same passwords across sites...
Very sorry everybody! Looks like our email system had a bit of a breakdown.
Looks like a very sloppy hack/phishing attempt.
That's a lot of mails
@Brandroot Have any of your sellers' passwords been exposed in this apparent hack?
This happened to me and 14 other users on 23-SEP-2015. Everyone on the public list could see everyone else's email details.
I expressed my concern regarding the fact that my account details were made public and also my disbelief that Brandroot cannot organise a simple BCC mailing list. They did not reply to my complaint.
I have since withdrawn all my names and never used Brandroot again. I'm saddened, but not surprised, that their complacency continues...
I couldn't agree more. They should just close the service if they cannot provide data security.
I was asked to verify my account via link. I mistakenly entered my username and password in the same window, not thinking it could have been related to a hack.
Potentially sensitive information has been leaked:
Username:
Name:
Email Address:
Yes, it is very disconcerting. We have had many recent hack attempts, which all have been blocked, but it seems some of our code may have been affected in some way. We are doing everything we can to restore accounts and prevent this from happening again. We have also integrated Cloudflare to help prevent future hacks. This problem is obviously something we failed to catch.
@Dominium we did get your message and that issue was resolved. This is a separate, site-wide problem.
We take the security of your information very seriously and have taken every step possible to protect the site, including encrypting every page with HTTPS, utilizing Cloudflare, and implementing very strict form validation. Please be patient with us while we resolve this problem. Again, I'm very sorry that we allowed your data to be compromised. The information was only sent out to existing Brandroot sellers and possibly a few Brandroot seller applicants. My hope is in the integrity of this industry. Please delete any emails that were sent to you by mistake.
Nothing but email addresses and names were exposed to the limited number of sellers who received the emails.