I got the same message. Is this true or is this another scam? I got this from Marguerite Turner. I also saw a lot fewer shops on iSecretshop than usual; I only do about 2 shops a month for them. Please explain, because this is concerning.
Marguerite Turner <mturner@elitecxs.com>
9:32 AM (4 hours ago)
to me
Dear Elite CX Solutions Evaluator,
It has come to our attention that one of the industry’s software platform providers, Prism Intelligence (formerly iSecretShop), was recently the subject of a data breach attack.
After further investigation and analysis, we conclude that Elite CX Solutions’ systems were not targeted by this attack.
However, in keeping with our principles of transparency and maximizing security awareness in the industry, we wish to inform you of the details of this attack, what steps we have taken, and next steps you should take.
Summary
Last week, attackers targeted the Prism Intelligence system. The attackers appeared to use a database in their possession containing usernames/emails/passwords with a credential stuffing attack. They would attempt to use their list of usernames/emails/passwords to log in to the Prism Intelligence system as a shopper, and if successful and the shopper had pay pending, would change the shopper’s PayPal email address to one that was controlled by the attackers. The end result would be that any payments due to the shopper would instead be routed to the attackers. While there were a number of shoppers’ credentials used to log in, reports are that only a very small number in the Prism Intelligence system had their PayPal email addresses changed.
Details
Prism Intelligence notified the MSPA of this attack, who promptly notified the member companies in the association. Upon hearing of this attack, our partner Research Metrics’ global security and infrastructure teams collaborated with Prism Intelligence regarding technical details. The teams then performed an intensive investigation and analysis of user activity to determine if our platforms had been targeted. After reviewing all logins and profile “change” activity, we saw no data to indicate that we had been targeted by such an attack.
Concerns / Next Steps
Of key concern is the fact that the attackers had a previously-obtained database of unprotected “plaintext” shopper usernames/emails/passwords. While it is uncertain as to when this database was obtained by the attackers, it was likely obtained from a company involved in the industry. However, we do not believe that this database was obtained from Research Metrics’ or Elite CX Solutions’ platforms for two reasons: (1) many of the email addresses that were used in the attack do not exist in our platforms, and (2) all passwords in Research Metrics’/Elite CX Solutions’ platforms are stored using the best practices of a one-way, unique salted hash – there is no way to “pull a list” of passwords, even by Research Metrics or Elite CX Solutions staff. Prism Intelligence also believes that the compromised database used for the attack was not obtained from them or from a Research Metrics/Elite CX Solutions platform.
For the reasons outlined above, we strongly urge you to change your login credentials on all platforms and companies that you are registered with to ensure you are protected:
As a leader in the mystery shopping industry, vigilance is a core principle of our security posture. We strongly urge you, as an evaluator, to perform the above steps. We will keep you informed of any additional information we learn regarding this attack and welcome any questions or feedback you have for us.
The Elite CX Solutions Team
ATTENTION: For your convenience this email contains links that allow you to log onto your account without entering username and password. DO NOT send or forward this email to another person because he/she will get access to these links and may gain access to your account. If you suspect that someone has gained access to this email, please, change your password immediately. Changing your password will deactivate all links in this email.
Don't miss a single notification e-mail! Remember to add Notifications@EliteCXS.com to your address book for uninterrupted delivery.
Attention: Shopper Relations
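
The review of logins and profile "change" activity that the quoted notice describes can be sketched as follows. This is an added example, not part of the original post or email and not code from any company named in it; the event format, field names, thresholds and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data):
# (timestamp, source_ip, account, event, detail)
EVENTS = [
    ("2024-01-08T02:14:01", "203.0.113.7", "alice@example.com", "login_fail", ""),
    ("2024-01-08T02:14:03", "203.0.113.7", "bob@example.com", "login_fail", ""),
    ("2024-01-08T02:14:05", "203.0.113.7", "carol@example.com", "login_ok", ""),
    ("2024-01-08T02:14:09", "203.0.113.7", "dave@example.com", "login_fail", ""),
    ("2024-01-08T02:15:30", "203.0.113.7", "carol@example.com",
     "payout_email_change", "x@example.net"),
    ("2024-01-08T09:00:00", "198.51.100.20", "erin@example.com", "login_ok", ""),
    ("2024-01-08T09:05:00", "198.51.100.20", "erin@example.com",
     "payout_email_change", "erin2@example.com"),
]

def stuffing_sources(events, min_accounts=3):
    """IPs that tried to log in to at least min_accounts distinct accounts."""
    seen = defaultdict(set)
    for _, ip, account, event, _ in events:
        if event in ("login_fail", "login_ok"):
            seen[ip].add(account)
    return {ip for ip, accounts in seen.items() if len(accounts) >= min_accounts}

def accessed_accounts(events, min_accounts=3):
    """Accounts with a successful login from a stuffing source (reset these)."""
    sources = stuffing_sources(events, min_accounts)
    return sorted({acct for _, ip, acct, event, _ in events
                   if event == "login_ok" and ip in sources})

def suspicious_payout_changes(events, min_accounts=3, window=timedelta(hours=1)):
    """Payout-email changes made soon after a login from a stuffing source."""
    sources = stuffing_sources(events, min_accounts)
    last_ok = {}  # (ip, account) -> time of most recent successful login
    hits = []
    for ts, ip, account, event, detail in sorted(events):  # ISO times sort in order
        when = datetime.fromisoformat(ts)
        if event == "login_ok":
            last_ok[(ip, account)] = when
        elif event == "payout_email_change" and ip in sources:
            ok = last_ok.get((ip, account))
            if ok is not None and when - ok <= window:
                hits.append((account, ip, detail))
    return hits

if __name__ == "__main__":
    print("reset passwords for:", accessed_accounts(EVENTS))
    print("review payout changes:", suspicious_payout_changes(EVENTS))
```

Grouping by a single source IP is a simplification; attempts spread across many addresses would need grouping on other signals as well.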