A Recent Security Incident: How We’re Responding – amandaanswers.com


To the Bonusly community,

Security is a top priority for us at Bonusly. We build security into our systems, our processes, and our culture. We understand that our customers and users are trusting us with their data, and we take the responsibility of securing it extremely seriously.

We recently became aware that Bonusly has joined a growing list of companies over the past three days that are being impacted by security incidents.

What happened

Most importantly, Bonusly was not the original target of this incident, and none of our customer company or personal data has been stolen.

We have identified a bad actor that used a number of compromised credentials exposed in third-party breaches (a credential-stuffing attack) to fraudulently access and redeem rewards within the Bonusly platform. We have compiled a list of compromised accounts, implemented technology to blocklist known intruders, and are making additional security enhancements to address this specific incident. It is our understanding that law enforcement is aware of the broader set of incidents and is investigating.
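The pattern described above (one actor replaying credentials from third-party breaches against many accounts) leaves a recognisable trace in authentication logs: a single source trying many different usernames with a high failure rate, with the occasional success marking an account whose password was reused. The script below is an added example of that triage, not Bonusly's own tooling; the log format, the thresholds, and every log line in it are constructed for illustration.

```python
"""Credential-stuffing triage over login logs.

Added example (not Bonusly code). The log format, the thresholds and every
log line below are assumptions constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log, assumed format: "<timestamp> <src_ip> <username> <result>".
# 203.0.113.7 replays a breach list; 198.51.100.23 is one user mistyping a password.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 203.0.113.7   alice@example.com FAIL
2024-01-01T10:00:02Z 203.0.113.7   bob@example.com   FAIL
2024-01-01T10:00:02Z 203.0.113.7   carol@example.com SUCCESS
2024-01-01T10:00:03Z 203.0.113.7   dave@example.com  FAIL
2024-01-01T10:00:03Z 203.0.113.7   erin@example.com  FAIL
2024-01-01T10:00:04Z 203.0.113.7   frank@example.com SUCCESS
2024-01-01T10:00:04Z 203.0.113.7   grace@example.com FAIL
2024-01-01T10:00:05Z 203.0.113.7   heidi@example.com FAIL
2024-01-01T10:05:00Z 198.51.100.23 alice@example.com FAIL
2024-01-01T10:05:20Z 198.51.100.23 alice@example.com FAIL
2024-01-01T10:05:45Z 198.51.100.23 alice@example.com SUCCESS
2024-01-01T10:07:00Z 192.0.2.50    ivan@example.com  SUCCESS
"""


@dataclass(frozen=True)
class Attempt:
    ts: str
    ip: str
    user: str
    ok: bool


def parse_log(text: str) -> list[Attempt]:
    """Parse the constructed whitespace-separated format into Attempt records."""
    attempts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        attempts.append(Attempt(ts, ip, user.lower(), result == "SUCCESS"))
    return attempts


def analyze(attempts, min_distinct_users=5, min_failure_rate=0.5):
    """Return (blocklist_ips, compromised_users).

    Heuristic: a source IP that tries many *different* usernames with a high
    failure rate looks like a breach list being replayed, not a user who
    mistyped a password. Every successful login from such an IP marks that
    account as compromised (forced reset and session revocation needed).
    """
    stats = defaultdict(lambda: {"users": set(), "fail": 0, "succ": 0, "hits": set()})
    for a in attempts:
        s = stats[a.ip]
        s["users"].add(a.user)
        if a.ok:
            s["succ"] += 1
            s["hits"].add(a.user)
        else:
            s["fail"] += 1

    blocklist, compromised = set(), set()
    for ip, s in stats.items():
        failure_rate = s["fail"] / (s["fail"] + s["succ"])
        if len(s["users"]) >= min_distinct_users and failure_rate >= min_failure_rate:
            blocklist.add(ip)
            compromised |= s["hits"]
    return blocklist, compromised


if __name__ == "__main__":
    ips, users = analyze(parse_log(SAMPLE_LOG))
    print("blocklist:", sorted(ips))
    print("force reset:", sorted(users))
```

A per-IP heuristic like this catches the naive version of the attack; real campaigns are often spread over proxy networks so that each IP stays under any threshold, which is why production detection also keys on user-agent or device fingerprint, ASN, and the global failure rate across all sources in a time window.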

What we’re actively doing

We will be contacting any customer who is potentially at risk to explain how to take additional actions to further protect your account. We will include instructions and suggestions on additional security measures your organization can take, and details of the actions Bonusly has taken that relate directly to your account.

We have included updates to the Bonusly in-app experience, plus security recommendations you can act on below if applicable. We will continue to update you with the utmost transparency.

For Bonusly Customers: In-app updates & how to secure your passwords

Here are some of the immediate actions that Bonusly is taking in response to this incident:

  • Enforcing a daily limit of $300 for reward redemptions per user.

  • Removing the ability for admins to adjust user balances.
    User balances can still be adjusted administratively by reaching out to your Bonusly CSM.

  • Increasing security and complexity requirements for passwords.
    For users who authenticate via web login (username and password), Bonusly uses an algorithm that analyzes the complexity of your password to ensure it is strong and unique. We have adjusted that algorithm to increase the required complexity, which means you will be required to set a stronger, more secure password to protect your Bonusly account (and your Bonusly points!) from intruders. If you authenticate to Bonusly via SAML or SSO from a third-party system (Okta, GSuite, etc.), we strongly recommend strong passwords and multifactor authentication (MFA) for those systems.

Here is a list of our go-to tips for creating secure passwords:

  • Never reuse passwords

  • Use 2-factor authentication wherever possible (highly recommended)

  • Use at least 15 characters in your password (the more, the better!)

  • Use a mix of both uppercase and lowercase letters

  • Mix in letters and numbers; passphrases are the best!

  • Include at least one special character

  • Try to avoid using actual words from any language by themselves, because they are easier to guess and crack (e.g., Burgundy)

  • Consider using a password manager program to keep track of your passwords, which defeats a lot of standard hacking attempts
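The tips above are a checkable policy. The script below, an added example rather than Bonusly's own complexity algorithm, encodes them as a validator and adds the check that matters most for this incident: rejecting a password that already appears in a breach corpus, which is what "never reuse passwords" protects against. The word list and the "breached" set are tiny constructed stand-ins; treating a dictionary word padded with digits or symbols as the word "by itself" is this example's interpretation of the Burgundy tip.

```python
"""Password-policy check matching the tips above, plus a breached-password check.

Added example (not Bonusly's own complexity algorithm). The word list and the
"breached" set are tiny constructed stand-ins for a dictionary and a breach corpus.
"""
import hashlib
import re

MIN_LENGTH = 15

# Constructed stand-in for a dictionary; a real check would load a full word list.
WORDS = {"burgundy", "password", "welcome", "summer", "bonusly"}

# Constructed stand-in for a breach corpus. Storing SHA-1 digests (as breach
# corpora such as HIBP Pwned Passwords do) avoids keeping plaintext around.
_BREACHED_PLAINTEXT = ["Password123456!!", "Welcome2Bonusly1!"]
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper() for p in _BREACHED_PLAINTEXT}


def _core_word(pw: str) -> str:
    """Strip leading/trailing digits and symbols so 'Burgundy1!' is judged as 'burgundy'.

    Treating a word padded with digits or symbols as the word "by itself" is
    this example's interpretation of the tip, not a rule stated in the notice.
    """
    return re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()


def check_password(pw: str) -> list[str]:
    """Return the list of violated rules (an empty list means the password passes)."""
    violations = []
    if len(pw) < MIN_LENGTH:
        violations.append("length")
    if not any(c.isupper() for c in pw):
        violations.append("uppercase")
    if not any(c.islower() for c in pw):
        violations.append("lowercase")
    if not any(c.isdigit() for c in pw):
        violations.append("digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        violations.append("special")
    if _core_word(pw) in WORDS:
        violations.append("dictionary_word")
    # Compare digests, never plaintext, against the breach set.
    if hashlib.sha1(pw.encode()).hexdigest().upper() in BREACHED_SHA1:
        violations.append("breached")
    return violations


if __name__ == "__main__":
    for candidate in ["Burgundy1!", "Password123456!!", "Welcome2Bonusly1!",
                      "Correct-Horse-Battery-Staple-42!"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

Note that "Welcome2Bonusly1!" satisfies every complexity rule and is still rejected because it is in the breach set: complexity alone does nothing against credential stuffing, since the attacker already holds the exact password. In production the embedded set would be replaced by a query to a breach corpus (for example the HIBP range API, which takes only the first five hex characters of the SHA-1 so the password never leaves your system), and the check would run at signup, password change, and login.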

You can learn more about setting up MFA in our Help Center.

We are committed to keeping Bonusly secure for all users, and we appreciate your partnership in making this happen.

Raphael Crawford-Marks,
Founder & CEO, Bonusly