What Happened?
We recently became aware of a breach of BeerAdvocate user data that occurred between 2012 and 2013. After a thorough investigation from an independent third party cyber security firm, it was confirmed that BeerAdvocate user login credentials (email address, BeerAdvocate forum password) were lost and aggregated along with breaches of other websites into a breach dataset that became known as CouponMom 2014. We are notifying you as your BeerAdvocate forum login credentials may have been affected at that time. Importantly, BeerAdvocate did not possess or lose any financial information or information that is likely to lead to identity theft.
The exact method of breach could not be determined, due to the incident occurring seven to eight years ago. However, from the number of emails involved and understanding the password hashing scheme in use in that timeframe, it is possible that the BeerAdvocate third party forum software user database was compromised, and a since-retired password hashing method allowed some passwords to be derived. These credentials appear to have been aggregated along with breaches of other sites into the breach dataset that became known as CouponMom 2014.
This notification was not delayed as a result of a law enforcement investigation.
What Information Was Involved?
BeerAdvocate user login credentials (email address, BeerAdvocate forum password) were lost and aggregated along with breaches of other websites into a breach dataset that became known as CouponMom 2014.
What We Are Doing
New management at Next Glass has thoroughly investigated this matter in order to disclose the relevant information needed to provide transparency. In the years since 2013, BeerAdvocate's forum software and its password hashing scheme has been upgraded to salted multiple iteration-SHA-256. Website traffic is encrypted and routed through a reputable internet security provider. Two-factor authentication (2FA) is offered to all users. Since the acquisition of certain BeerAdvocate assets in February 2020, BeerAdvocate's platform has been migrated to a more secure infrastructure. Password resets have been initiated in tandem with email contact to the BeerAdvocate user community. We prioritize user data and safety and have continued to upgrade the platform's infrastructure to ensure best-in-class data protection.
What You Can Do
- Learn About Our New Security Measures(includes next steps)
- Learn How to Secure Your Account
You should reset any password that is/was similar to the password you used for BeerAdvocate. Please review the enclosed "Additional Resources" section included with this letter. This section describes additional steps you can take to help protect yourself, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.
For More Information
You can reach out to support@beeradvocate.com with any questions or the toll numbers included below.
Sincerely,
James Smith
CEO, Next Glass, Inc.
21 S. Front St., Wilmington, NC 28209
910-444-1778
###
ADDITIONAL RESOURCES
You may purchase a copy of your credit report by contacting one or more of the three nationwide reporting agencies:
- Equifax, PO Box 740241, Atlanta, GA 30374, https://www.equifax.com, 1-866-349-5191;
- Experian, PO Box 9532, Allen, TX 75013, https://www.experian.com, 1-888-397-3742;
- TransUnion, PO Box 1000, Chester, PA 19022, https://www.transunion.com, 1-800-888-4213
You may also obtain a Free Credit Report. To order your annual free credit report by visiting https://www.annualcreditreport.com, or by calling toll free at 1-877-322-8228, or by mailing an Annual Report Request to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
You should remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your credit report for unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting agencies.
Federal Trade Commission Contact Information: Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580, https://www.ftc.gov, 1-877-IDTHEFT (438-4338).
Federal Trade Commission and State Attorneys General Offices. You should immediately contact the Federal Trade Commission and/or the Attorney General's office in your home state if you believe you are the victim of identity theft or have reason to believe your personal information has been misused. You may also contact the Federal Trade Commission and/or the Attorney General's office in your home state for information on how to prevent or avoid identity theft.
You can obtain information from the federal trade commission and the credit reporting agencies about fraud alerts and security freezes.
Fraud Alert. You may place a fraud alert by calling one of the three nationwide credit reporting agencies above. A fraud alert tells creditors to follow certain procedures, including contacting you before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit.
Security Freeze. You have the ability to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans and services from being approved in your name without your consent. To place a security freeze on your credit report, you may be able to use an online process, an automated telephone line, or a written request to any of the three credit reporting agencies listed above. The following information must be included when requesting a security freeze: (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue.
0 comments (click to read or post):
Post a Comment
Please leave a comment...I do moderate each comment so it may not appear immediately...and please be nice! You can also comment using Disqus (below) or even comment directly on Facebook (bottom).