Cash Back Site BigCrumbs.com Investigates Possible Data Compromise
Popular cash back site BigCrumbs.com has been offline since January 29th investigating a potential data compromise on its website.
Vince Martin, CEO of BigCrumbs, assured the website’s users that the compromise in question was not the result of a data breach or hacking. Instead, he believes an unknown third party obtained information from other sites to get into BigCrumbs’ accounts.
“The evidence strongly suggests that the attacker used credentials gained in breaches of other sites, where users who’d been compromised on those sites had re-used the same credentials at BigCrumbs,” said Martin on the company website.
Last Monday was a scheduled payday for BigCrumbs, but many users did not receive their payments due to the investigation. The only users to receive payment were those with verified PayPal accounts. The most recent company update which was posted on the website on February 5th said, “Members with verified PayPal accounts were paid as scheduled on February 2, 2015. Roughly 4% of members had unverifiable accounts and we will work with them ASAP to help them securely receive their payments.”
BigCrumbs is using their offline times as an opportunity to “implement additional modifications to the BigCrumbs website that will also better prepare…for the future of our program.”
The cash back shopping service said they may be offline longer than anticipated, possibly until mid-February.