Freelancer.com, an Australian online marketplace for finding odd jobs, has now announced that its users credentials may not be safe. It has contacted some of its customers alerting them that their Freelancer.com user credentials have been found in public dumps of leaked data from third party sites, in a form of damage control.
ZDNet has gotten hold of an email sent to its clients redirecting its customers to haveibeenpwned.com to check if they are affected or not. Nicholas de Jong, VP Security and Operations at Freelancer also clarified on how they discovered this potential breach. "Recently while cross checking public dumps of third party credential leaks from sites like Adobe, Linkedin, and Elance (and many more), we observed users that appear to have credentials in common with those dumps and thus took measures to protect our users affected,” Jong told the publication.
In other words, users were found to have utilised their Freelancer.com credentials on other sites, from where data has made its way to the public domain. In its email, the company even suggested a password reset, to something possibly unique, as a security measure for its users. Jong also suggests that users should not keep a uniform password on its Web logins, and must mix it up for added security.
Freelancer also noted that the compromise was not due to any hack in the Freelancer.com website property, and did not speculate about how user credentials landed in a public dump.
These data breaches have become common headline maker sin recent times. Companies like Zomato and Reliance Jio have also been reported of hacks exposing sensitive data of its users. Zomato admitted to the major security breach last month, where around 17 million user records - out of the company's 120 million users - were stolen from its database. According to the company, usernames and hashed passwords were stolen by the attackers. If you haven’t already, the sensible move would be to change your Zomato password right away, and also to change it on any site where you use the same passwords.
We must also remind our users once again that using the same passwords across multiple sites is a really bad idea, so if you're doing that anywhere, please change your passwords, and get a password manager.