Unbreach

In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data has been flagged as “unverified” and may have been sourced from another location.

Troy Hunt explores this breach in a Twitter thread:

A thread on the "alleged" QuestionPro breach: firstly, in @LawrenceAbrams' article he said "they are currently determining whether a data breach occurred". They haven't acknowledged a breach occurred, haven't been in contact with me and I don't know if they've even seen the data. https://t.co/xhmsYOH5Ee

— Troy Hunt (@troyhunt) August 5, 2022

As of August 12th, QuestionPro still haven’t officially acknowledged the breach.

Articles

• Hackers try to extort survey firm QuestionPro after alleged data theft

Summary

Accounts breached: 22229637

Breached on: May 21, 2022

Exposed data: Browser user agent details, Email addresses, IP addresses, and Survey results

Domain: questionpro.com

Added on: August 05, 2022