RedFlagDeals Hacked in 2013, Only Detected Now: Change Your Passwords [u]

Share: has emailed its users to note there was an “undetected breach” of their user data database back in 2013, which saw usernames and encrypted passwords get compromised. The company only discovered this hack three days ago, when contents of the database was posted only on January 9th.

Screenshot 2017 01 12 15 35 45

In an email to customers, RedFlagDeals says they have logged all users out of their systems and ordered a mandatory password reset, as a “precautionary measure”. The site also is recommending all users change their passwords if they have been reusing them on other websites. The deals site says they “apologize for any inconvenience this may cause you” and says users can email support if they have more questions.

The site was compromised under the leadership of Montreal-based Yellow Pages Group, which acquired back in 2010; a year later, the company launched a RedFlagDeals iPhone app.

Time to change your passwords folks and ensure you’re using a password manager, such as 1Password for iOS to create unique passwords.

Update: The discovery of the RFD database hack was first found by forum user thearcade, who spotted RFD on a site detailing hacked forums. If this forum user did not discover it, who knows if RFD even knew about it. Also, password reset emails, containing temporary passwords, are being emailed out unencrypted.


  • johnnygoodface

    “As a matter of best practice, we regularly conduct security testing of our sites to minimize the chance of this type of leak reoccurring” … You got to be kidding! We’re in 2017 boys.. a bit late for a 2013 leak

  • Eliza May

    Pretty disgusted by this, 4 frickin years later we are told.

  • Also, there’s no way to delete your account. Rfd on twitter says to just “stop using it”.

  • tomm

    About password managers: I’ve been using Splash ID for years and years way back when it was only on the Mac. However I have switched away from it because they let the Mac version slip way back; things that used to work broke down, I had to downgrade to a previous version to stop crashing etc etc. I looked at 1 password, but they have now switched to monthly billing and it ain’t cheap, US$36/year and I don’t know about iphone, if they charge extra. Splash ID also charges by the year (I think US$20) and I had lifetime license. I settled on LastPass and I am very impressed. A week after I purchased the Pro version (was US$12/year) they made the syncing with the iphone free and when I mentioned it to them, they refunded my money without asking, also very impressive. I am now wondering if I should re-subscrive to the pro version, not sure what advantages it has now that they both sync.

  • Mark

    I believe you can still purchase a license for 1Password in AgileBits Store. One time fee, enter your license # in the app on each device and you’re done. Need to sync with Dropbox or manually in wifi though. Still working for me.

  • Cornfed710

    I can’t seem to find a way to change my password. I currently have a temporary one.