[IMPORTANT] A cyber-attack has occurred. Please change your password.
Thank you for your continued participation.
Earlier this morning our member site was attacked, and some members' accounts were illegally accessed.
If you have not received an email from us about this, your account was not affected. You do not need to worry or contact us regarding this. However, changing your password as a precaution is recommended.
Please see details as below:
1. Incident Overview
From approximately 12:00 AM Aug 18th, to 9:00 AM August 19th, our India member page was targeted by a cyber-attack known as a "list attack".
A "list attack" is an attack where login details are stolen from one website and published or sold illegally, and then attackers try to use the same email and password combination to log into other websites. In this type of attack, any person who has used the same email address and password for multiple websites is at risk of having their account illegally accessed.
The same email address and password combinations in this list were used to attempt to log into Rakuten Insight Surveys.
1062 accounts were illegally accessed through this method.
The RIS India member site also experienced slowdown due to the high number of accesses during the attack.
2. Action for Members
The members whose accounts were accessed illegally have received an email directly and had their passwords change automatically to prevent further illegal access.
Please click "Lost your password?" on the login page, and set a new password.
However, to members who are using the same password on other websites, we recommend you change your password as a precaution.
In order to protect yourself against such attacks, we strongly recommend that you never use the same combination of email address and password for multiple websites.
3. Illegally Accessed Data
In order to completely assess what data was accessed during this attack, more time is required. We will announce details as soon as the incident has been investigated completely.
4. Our Response
As of now, we have blocked access from all of the IP addresses from which the attacks originated, and have reset the passwords of accounts which were illegally accessed. We are continuing to investigate the situation.
If you have any questions pertaining to this issue, please contact us via our inquiry form.
Thank you for your cooperation and continued participation.