In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data has been flagged as “unverified” and may have been sourced from another location.
Troy Hunt explores this breach in a Twitter thread:
As of August 12th, QuestionPro still haven’t officially acknowledged the breach.
Accounts breached: 22229637
Breached on: May 21, 2022
Exposed data: Browser user agent details, Email addresses, IP addresses, and Survey results
Added on: August 05, 2022