QuestionPro
What Happened
In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP addresses, browser user agents and results relating to surveys. QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), so the data was initially flagged as "unverified". Subsequent verification by impacted HIBP subscribers later led to the removal of the unverified flag.
Compromised Data
Recommended Actions
Monitor for Suspicious Activity
Watch for unusual login attempts, spam and phishing emails.
Breach Overview
-
Affected Accounts:
22.2 million
-
Breach Occurred:
May 2022
-
Added to HIBP:
5 Aug 2022
Recommended Actions
Change Your Password
If you haven't changed your QuestionPro password since 2022, do so immediately.
Enable Two-Factor Authentication
Add an extra layer of security to your account.
Check Other Accounts
If you used the same password elsewhere, change those too.
Monitor for Suspicious Activity
Watch for unusual login attempts or messages from your account.
