8th of July, 2021 (latest update: 2nd of August, 2021)
We were the target of an organized cyber-attack which was carried out with considerably vicious criminal intent. The unidentified perpetrators managed to break through our high security standards and access internal data. We immediately took all necessary steps to protect all the data we hold and are currently working with external cyber-security specialists to systematically reconstruct the incident. Our day-to-day operations were not affected, and all our systems are up and running as normal.
What data was affected?
Data affected includes address data,
password hashes saved before 2014, and bank account details and/or PayPal addresses.
Update on July 30th, 2021
Great news concerning the state of stolen password hashes! According to the current information out of our investigations, no password hashes were stolen during the security incident. We are very pleased to be able to give you the all-clear here.
It has been very important for us to keep our communication open and clear during this security incident. This is why we have disclosed all possible consequences of the IT attack from the very beginning, since a possible misuse could not have been ruled out entirely. Of course, the recommendation to use strong passwords (see below) still applies.
What can happen with my data?
There is a possibility that obtained data may be published without authorization or used by unknown persons for fraud or identity theft attempts. The general recommendation is to closely monitor your bank account for suspicious debits. If an unauthorized debit occurs, you can reverse them yourself in accordance with the applicable SEPA direct debit rules.
It’s also possible that “phishing” emails may be sent to you. These will try to obtain your personal data via fake websites or try to install malware on your devices. You should always check the authenticity and trustworthiness of incoming emails.
For more information on email and internet security, visit the National Cyber Security Centre.
What protective measures have been undertaken?
Data security is our number one priority, and we are taking this incident extremely seriously. Our crisis team is working with external cyber-security specialists to systematically reconstruct the events. We will be implementing additional measures to ensure that this kind of breach cannot happen again. The relevant authorities have been informed.
What can you do?
If you have an account with us we highly recommend you to change your password. Recommendations for strong passwords:
- Choose as long a password as possible
- Avoid using personal information, such as a birthday
- Use a combination of numbers, symbols, and upper and lower case letters
- Use a different password for each of your accounts
- Change your password regularly
I receive earnings pay-outs via PayPal. Should I change my PayPal password?
Of course, we don’t have access to nor do we store any password information from accounts at PayPal. Generally, we recommend changing your password if you haven’t done so in a while, especially to protect sensitive data.
I deleted my account in the past, why do you still have my data?
We are legally required to retain certain data even if your account was deleted. Since some of this data may have been compromised, we wanted to make sure you were informed about this cyber-attack.
How do I delete my account?
Log into your Partner Area and click on your Account name at the bottom left. Then click on “Security settings” and you’ll find the link to delete your account. Find out more in this help article.
How can I find out more?
We'll be updating this page as soon as we have any new information. Check back here for more!