Notice of Data Breach (2012-2013)

Blog Discussion in 'BeerAdvocate Talk' started by Todd, Jul 17, 2020.

Thread Status:
Not open for further replies.
  1. Todd

    Todd Founder (13,254) Aug 23, 1996 Finland
    Staff Super Mod Pooh-Bah Society Trader

    We recently became aware of a breach of BeerAdvocate user data that occurred between 2012 and 2013. After a thorough investigation from an independent third party cyber security firm, it was confirmed that BeerAdvocate user login credentials (email address, BeerAdvocate forum password) were lost and aggregated along with breaches of other websites into a breach dataset that became known as CouponMom 2014. Importantly, BeerAdvocate did not possess or lose any financial information or information that is likely to lead to identity theft.
    The exact method of breach could not be determined, due to the incident occurring seven to eight years ago. However, from the number of emails involved and understanding the password hashing scheme in use in that timeframe, it is possible that the BeerAdvocate third party forum software user database was compromised, and a since-retired password hashing method allowed some passwords to be derived. These credentials appear to have been aggregated along with breaches of other sites into the breach dataset that became known as CouponMom 2014.

    New management at Next Glass has thoroughly investigated this matter in order to disclose the relevant information needed to provide transparency. In the years since 2013, BeerAdvocate's forum software and its password hashing scheme has been upgraded to salted multiple iteration-SHA-256. Website traffic is encrypted and routed through a reputable internet security provider. Two-factor authentication (2FA) is offered to all users. Since the acquisition of certain BeerAdvocate assets in February 2020, BeerAdvocate's platform has been migrated to a more secure infrastructure. Password resets have been initiated in tandem with email contact to the BeerAdvocate user community. We prioritize user data and safety and have continued to upgrade the platform's infrastructure to ensure best-in-class data protection.

    We take the security of your data extremely seriously. You can reach out to with any questions.
    EugeneStockton, Serghei, rsvp and 4 others like this.
Thread Status:
Not open for further replies.