Elance Hacked – Hackers Steal Members’ Personal Information
By Anna Johnson on July 17th, 2009Elance.com – the popular site for hiring freelance writers, designers, programmers, consultants and other service providers – has been hacked, compromising the personal information of its members.
Just an hour or so ago, Elance sent an email to its members revealing that “certain Elance user information was accessed without authorization, including potentially yours. The data accessed was contact information – specifically name, email address, telephone number, city location and Elance login information. This incident did not involve any credit card, bank account, social security or tax ID numbers.” See the full text of the email below.
Needless to say this is a serious breach of both security and privacy, and a lot of Elance members are likely to be extremely angry at the news. Elance must be commended for contacting members about the security breach (instead of letting them find out the hard way) but the consequences of this breach may not yet be fully appreciated.
The email could also be a bit more informative – wouldn’t users like to know if their particular information was compromised? Perhaps Elance doesn’t yet know whose personal information was stolen…
Elance said it was working with authorities to remedy the breach, but has not yet revealed how the site was hacked or who was behind the security breach (if known).
Here’s the text of the email sent to Elance members (name of recipient omitted):
Dear [name],
It has recently come to our attention that certain Elance user information was accessed without authorization, including potentially yours. The data accessed was contact information — specifically name, email address, telephone number, city location and Elance login information. This incident did not involve any credit card, bank account, social security or tax ID numbers.
We have remedied the cause of the breach, and are working with appropriate authorities. In the meantime, please take extra precautions in protecting your Elance account. For example, do not provide your login information on any site that is not http://www.elance.com, and NEVER give out passwords by email, over the telephone or on websites that are not the Elance site.
We sincerely regret any inconvenience or disruption this may cause.
For more details and ongoing information about this, please visit this page in our Trust & Safety center: http://www.elance.com/p/trust/account_security.html
Michael Culver
Vice President
Elance
July 17th, 2009 at 11:28 am
“Elance said it was working with authorities to remedy the breach, but has not yet revealed how the site was hacked or who was behind the security breach (if known).
Per Elance email, it was “OutsourcingRoom.com and its parent company CyberBionic Systematics”.
Kevin
July 17th, 2009 at 8:55 pm
I’ve got that email as well… this is such a stupid lapse in security by elance…. sigh
July 17th, 2009 at 9:40 pm
Corporate espionage at work!
July 18th, 2009 at 4:21 pm
Elance sold its database of customers
July 19th, 2009 at 6:09 pm
CEO CyberBionic Systematics Dmitriy Okhrimenko about OutsourcingRoom and Elance
http://outsourcingroom.com/en/services/AboutOutsourcingRoom.aspx
July 20th, 2009 at 3:25 am
Thanks Sam – here’s an article I’ve just written in relation to OutsourcingRoom: http://www.kikabink.com/news/elance-only-has-itself-to-blame/
July 21st, 2009 at 9:18 am
My information was compromised and now I’m getting spam text messages, which I never had before, plus a whole new batch of spam email. Here’s what the manager from Elance told me what happened after I inquired for more details.
Hello Neil,
Thanks for your email.
The hackers discovered a security hole that enabled them to access a data table that contained contact information including name, email address, telephone number, city location, and username, and that contained protected versions of user passwords, in an unreadable format called a one-way hash. Their attack did not access personal financial information such as credit card, bank account, social security or tax ID numbers.
Elance immediately secured the security hole and we are now systematically reviewing the entire Elance system with help from industry leading security experts.
Unfortunately, we have received reports of both unwanted email and in some cases unwanted SMS solicitations. I sincerely regret any inconvenience or disruption this may have caused.
If you have any other questions or concerns, please let me know.
Best regards,
Steve
Manager, Customer Support
Elance
July 21st, 2009 at 5:20 pm
Thanks for posting Neil. We’re starting to see the fall-out from this…
August 2nd, 2009 at 9:08 pm
They stole Proz.com’s database of translators too. They have managed to find non-publicly shown information, it’s hard to know the extent of what they actually have.
November 1st, 2010 at 6:47 pm
This Elance site is not a real site…
I have used this site for 1 year and didn’t earn dollars and it was working fine. And I got two jobs last month from the same client and I got arround US$ 500!!! And as soon as I got that money to my Elance account, I got expired my account.
I coudn’t withdraw it as well.
Can anybody think that my account has been hacked by others or by ELANCE??? In this case anyone can directly say it has been hacked by ELANCE.
November 1st, 2010 at 6:52 pm
Mr Steve (Hacker Partner)
Manager, Customer Support, Elance
I have send so many messages to customer support regarding my Elance account got expired. I never recieved a single reply and at least a blank message. From this we can notify that Elance staff can’t face to our question.
I’m going to send these messages to all over the world on internet.
Elance – Rest in Peace!!!