RedFlagDeals.com has emailed its users to note there was an “undetected breach” of their user data database back in 2013, which saw usernames and encrypted passwords get compromised. The company only discovered this hack three days ago, when contents of the database was posted only on January 9th.
In an email to customers, RedFlagDeals says they have logged all users out of their systems and ordered a mandatory password reset, as a “precautionary measure”. The site also is recommending all users change their passwords if they have been reusing them on other websites. The deals site says they “apologize for any inconvenience this may cause you” and says users can email support if they have more questions.
The site was compromised under the leadership of Montreal-based Yellow Pages Group, which acquired RedFlagDeals.com back in 2010; a year later, the company launched a RedFlagDeals iPhone app.
Time to change your passwords folks and ensure you’re using a password manager, such as 1Password for iOS to create unique passwords.
Update: The discovery of the RFD database hack was first found by forum user thearcade, who spotted RFD on a site detailing hacked forums. If this forum user did not discover it, who knows if RFD even knew about it. Also, password reset emails, containing temporary passwords, are being emailed out unencrypted.