hey everyone
got 2 emails tonight, first saying i’ve updated my paypal details, the 2nd one saying my email has been changed.
now when i try to log in it says my account doesn’t exist.
it seems someone has hacked my account and stolen my balance.
i’ve reaches out to TA and tried to contact cashrewards but curious if this has happened to anyone else?
i wonder if their servers have been compromised, now i’m thinking i should change all my passwords just in case….
account recovered with cash,
i changed password and setup 2 factor
hopefully safe now :)
$4.36, I'm good. Been ripped off about $10 but that another for another post.
Link to other post?
Thank you for the warning, luckily my account hasn't been hacked.
I just setup Two-Factor Authentication by going to the My Account section and then clicking on the My Settings tab and scrolling down to Two-Factor Authentication.
Or click Here and scroll down to Two-Factor Authentication
Thanks for that. I should really start using two-factor authentication more often.
Can't cash out without it now.
and why is that? Anyone else know if this is true?
@sprucemoose92: > and why is that?
Did you read the thread title?
Anyone else know if this is true?
Try it yourself.
It'll say "Nope, gotta set up 2-factor auth" first, and after you do that it'll say "And now wait 48 hours, lol".
@D C:
Very confused why you commented then…
OP post is about being hacked (Thread Title: Cashrewards Account Hacked!) so nothing to do with two-factor authentication and cashing out.
I commented on 'steven6' thanking him for telling me about the two-factor authentication and his comment is just about the process in doing it.
So then I come to your comment which is the first to mention not being able to cash out with no extra details about the 48 hour wait which I had already read once I change my account to the two-factor authentication.
secondly if you are to make such a vague comment please explain why as I wouldn't have responded otherwise… and also it puts people off having addition security on their profile and hence why we have this post in the first place.
@sprucemoose92: The entire point of CashRewards is to get money. As soon as you try to transfer any out, 2-factor auth kicks in.
You apparently haven't tried to do that lately (2-factor auth is a recent thing, 1-2 months?). Neither had @OP, so leaving the door open for someone else to do it for them. I'm assuming they have have his email account.
The 48 hour wait is irrelevant.
Eventually every CashRewards user will have 2-factor auth on their account (barring the ones who used it once and then forgot about it - even @OP says that's him), so the "I've been hacked!" stuff should go away.
such a vague comment
I'm sorry I didn't write a 5000 word essay using small words.
also it puts people off having addition security
How? If you don't want to enable 2-factor auth then don't. You'll also never get any money from CastRewards… so… fine whatever rock on dude.
Hi DC. It's all about the security of our members' accounts. Rewards cannot be withdrawn for 48 hours after bank or PayPal details have been updated. We do this to allow members ample time to contact us once we notify them of any change to their payment details (in case it wasn't them that requested the change).
If they have not updated their payment details and have been paid successfully with the same details previously, there's no need to hold payment and will be paid right away. We also send an email to members when they request withdrawal of funds. Finally, Two Factor Authentication must be activated in order to withdraw funds and/or to change email/password.
Thanks - didn't know about this setting before.
i wonder if their servers have been compromised, now i’m thinking i should change all my passwords just in case
It's more likely that your device/s has been compromised. Time to run a full security check.
it seems someone has hacked my account
I can guarantee your account wasn't hacked. There's a slim chance you had a keylogger that obtained your password, but faaaar more likely is you signed up to a sketchy site using the same/similar log-in details as your cashrewards account, and that's how they obtained access.
I just tried to link my bank account and take money out - it prevents payments for 48 hours after a bank account update, so hopefully they can help you before then.
When i tried to login to my account, there is no secure padlock showing and security says site is not secure,advised not to go further.
Website is secure. There are just two images being delivered by Trustpilot over http. Nothing to worry about.
I like how the OP is first to point the finger at cash rewards being hacked rather than his poor computer security.
It's most likely…
Your device has a keylogger
Another website which you're a member of has been compromised/database leaked and you used the same username and password combination
You've been phished
The first email could have been fake and if by any chance you clicked on any of its links, you were phished.
Hi clickship. Thanks for the PM, and for your concerns via this thread. As others have stated, your account was compromised possibly due to issues/security/bad practices at your end. Our customer service team has just responded to you, and I can guarantee your funds are intact and have not been 'stolen'. Please just follow their instructions to get your account up and running again. We have Two Factor Authentication in place and I strongly suggest enabling this immediately. Enjoy your day :)
My account has been hacked too! $216.16 was requested to be taken out this morning and sent to a Paypal address that I never set up. Also two factor authentication was set up going to a US number +19083362814 so I can't change my password.
TA, I sent a contact form to cashrewards just then but I had written that I changed my password at the end of the paragraph assuming that I could. But yeah I could not.
We've just fixed your account. It was compromised possibly because your email address is compromised. Check here.
We've just fixed your account.
Thanks a lot for that. I've just set up TFA now.
You'll see your email address is compromised.
Yeah I was wondering why from 2 days ago I've been spammed with newsletter subscriptions every other night that I had not signed up for. It was like 300 of them each time. Anything I can do from my end to stop that or is my email forever compromised now?
thanks TA, i appreciate how quickly the account was recovered with the funds.
i did have a pretty basic password setup for cash rewards because i never planned to withdraw the cash haha i guess once i thought i had lost it it became alot more important.
i set up 2 factor authentication now and a better password but i still doubt it was compromised from my side - im still going to change all my other passwords just in case.
maybe a heads up for everyone to update your password and setup 2 factor authentication if you havent already.
thanks again cashrewards
I've marked title post as (Solved) for now, if you don't mind.
Are all our accounts compromised?
Have our payment details been taken?
Do we need to change our passwords?
Payment details are useless. Cashrewards can only deposit into it. If hypothetically CR was compromised, then the only thing the hackers could do is deposit money and not withdraw.
Thats why they're attempting to change the target accounts to their own before withdrawing out of CR.
Id suggest people to either use diff passwords for diff sites, at least for money sensitive/payment ones anyway.
My account got hacked too. The two authentication was set to some USA number. I have about 212 dollars in the account.
My account has been hacked too! I can't access my account as the hacker has changed name to "Antonio" and has changed my email address, which no longer exists in the Cashrewards database. $100 gone.
I have emailed Cashrewards.
What else can I do???
email them, mine was recovered very quickly.
although now i’m thinking they have been compromised because it seems a lot of people have been hacked
I haven't been hacked.
Must be a pretty big and common website you guys all use thats been hacked.
P.s. Even with the size of Catchoftheday, they have been compromised before.
I think it was the dlh.net breach
Hi all. An update.
I would like to emphasise that Cashrewards takes the security of its member data very seriously. Rest assured, our data has not been comprised. If you use the same email address & password combination on other sites, there is a possibility your data has been breached elsewhere.
In order to secure your data we advise you do the following…
- Check if your email may have been compromised in a data breach via https://haveibeenpwned.com
(It may not show all sites that have been breached but it does show the majority of them.)- Reset your Cashrewards password to a strong and unique password.
- Set up Two-Factor Authentication in My Settings.
Two-Factor Authentication is an extra security feature that ensures you're the only person able to access your account. Two-Factor Authentication must be activated in order to withdraw funds and/or change email/password. Funds cannot be withdrawn for 48 hours after bank or PayPal details have been updated. We do this to allow members ample time to contact us once we notify them of any change to their payment details (in case it wasn't you that requested the change).
If you believe your account has been breached, please reach out to us immediately via Contact Us and we'll sort it out.
Thank you for your continued support of Cashrewards.
thanks TA.
i definitely recognise 2 of those sites i was pwned that i had used the same CR password.
reassuring to know which it was and that cash rewards is safe.
Which ones did you recognise?
myspace and xsplit
Slightly OT, but I've just noticed that Ali cash back has dropped to 6% (from 7%). When did this happen?
I don't think we can blame CR, as all other Ali reward programs reduced there ‰ a couple of months ago.
has anyone noticed that on CR plugin (chrome) it has a pop up which says "we've found xx amount of codes" and then it tries to apply them? I bought something from BangGood and it cycled through about 15 codes
Just checked mine. All good. My $1.27 balance is still in tact.
Keep us up to date on this one.