1. Forums
  2. Mystery Shopping Discussion

Anyone get any notice of a possible iSS Data Breach for 3/21/19???

March 22, 2019 04:29PM
I went to sign in on Confero, which is a Sassie platform. HOWEVER, underneath the sign-in box, was this notice:

**IMPORTANT** We are writing to inform you that Prism Intelligence informed the MSPA (Mystery Shopping Professionals Association) that there was a data breach attempt on the PRISM platform yesterday, 3.21.19, whereas someone had obtained a database with user names, emails, and passwords and were attempting to login to their platform on a massive scale to overwrite shoppers PayPal email address so that payments due them would be redirected to these hackers. Some evaporators’ PayPal addresses had been surreptitiously changed so that their payments were redirected to fraudulent recipients. Confero’s shopper database has NOT been affected. Confero uses the SASSIE platform which has no connection to PRISM.

So I thought, well, WHICH MSC uses Prism??? So I googled Prism mystery shopping, and I was directed to the Prism web site, and read this paragraph about a third of the way down:

The Prism database contains approximately 1,000,000 registered Independent Contractors – all of whom have registered with iSecretShop – not with specific MSPs.

Here is the LINK to the Prism page where I read this information:
[prismintelligence.com]

So....is it in fact true that iSS uses the Prism platform??? And if so, WAS the DATA BREACHED on 3/21/19 as stated on the Confero site??? And IF TRUE, HOW COME NO ONE from the iSS platform has issued any sort of statement??? There is NOTHING on the iSS site, that I can find, to indicate this.

Just wanted to put this out there in case something is going on that we should know about!! Anyone else have any info??? Is this a "nothing-burger" or something to be concerned about??? Thanks in advance for anyone who has any clarifying info on this!!

Edited 1 time(s). Last edit at 03/27/2019 02:47PM by guysmom.
Reply
Log In
x

Create an Account or Log In

Membership is free. Simply choose your username, type in your email address, and choose a password. You immediately get full access to the forum.

Already a member? Log In.

March 22, 2019 05:33PM
It appears that Prism may use the ISS platform. I have a signed ICA with Prism on ISS. I did go in and change my password on ISS just to be safe.
Reply
March 22, 2019 07:02PM
I updated my paypal account with additional security layers just now.
Reply
March 22, 2019 07:02PM
I changed my ISS pswd and will look into Paypal. Great ideas.
Reply
March 22, 2019 09:54PM
Yes, I've changed my iSS password also. But what I want to know is.....WHY HASN"T ANY NOTICE GONE OUT TO SHOPPERS ABOUT THIS from iSS???? That's my biggest concern....how much MORE TIME could have elapsed until I changed my iSS password if I hadn't seen this earlier??? Doesn't iSS have any sort of responsibility to let its shoppers know if their data has been breached????
Reply
March 22, 2019 10:00PM
It is concerning, especially with lots of shoppers personal info on their website.
Reply
March 23, 2019 02:59AM
I tried logging into the app on my phone, but it says my information is invalid. I logged on from the computer, changed my password, and I'm able to log on. I still can't get in using the app on the phone.
Reply
March 23, 2019 03:14AM
If I'm reading the Confero notice right, it doesn't say Prism was breached. It says someone has a database that they tried to use in an attempted breach of Prism. So somebody's database has been breached, we don't know whose, and the bad guys are actively using the stolen database, changing or trying to change PP email addresses on any MSC database they can get into. As for Confero's statement that they're not involved because they are on Sassie, they may not be involved but Sassie MSCs may still be targeted and probably are being targeted.

So thanks to Prism for reporting the attempt to MSPA, and to Confero for posting it on their login page. And thanks to guysmom for posting it here.

But why isn't the MSPA publicizing this? They could at least put a notice on their home page, but I was just there and there isn't any mention of Prism's report.
Reply
March 23, 2019 03:45PM
I was looking on the main site for ISS, and it stated that MSCs wanting to use the ISS platform should contact Prism Intelligence. It looks like Prism created the entire ISS platform. Makes more sense now why Prism noted the hack.
Reply
March 23, 2019 04:03PM
Yes, but except for Confero posting about it on their Sassie site (and I'm grateful that they did!) NO ONE from Prism OR iSS has notified the SHOPPERS!!!! Why can't they send out a mass email??? I've changed my password and all looks fine with my paypal, but if I hadn't happened to see the note on the Confero site, I'd have never known!!

Edited 1 time(s). Last edit at 03/23/2019 04:05PM by guysmom.
Reply
Sorry, only registered users may post in this forum.

Click here to login