In an email sent Saturday morning, Bleacher Report warned all users that their login information may have been accessed by an “unauthorized third party.”
Bleacher Report apparently found out about hack in mid-November and contacted law enforcement. In a Q&A published on support.bleacherreport.com, the site said it waited five weeks before notifying users because it was conducting an investigation about the extent of the attack.
As a result of the hack, Bleacher Report is requesting that all users change their passwords immediately.
Here’s the email in full:
We are writing to notify you about a security incident at Bleacher Report that may have exposed your login credentials to the Bleacher Report website and mobile application to an unauthorized third party. We take the security of our users’ information very seriously and out of an abundance of caution we are requiring all Bleacher Report users to change their passwords. We are also providing all users with the detailed information set forth below about the incident so that individuals may evaluate additional steps to protect their information. You can change your password through this link: https://bleacherreport.com/
accounts/reset_passwor. If you do not change your password within 72 hours, you will have to click the “Forgot Password?” link in order to reset your password.
On Nove mber 12, 2016, we became aware that an unauthorized party gained access to certain files containing limited Bleacher Report user information. We immediately began investigating the incident, and our investigation revealed that the unauthorized party accessed this user information sometime in or before early November 2016. We also reported the incident to law enforcement authorities. We concluded that the unauthorized party may have acquired the first name, last name, username (email address), and password for Bleacher Report’s website and mobile application user accounts. The Bleacher Report website and mobile application do not collect credit card numbers or other sensitive personal information, such as Social Security numbers.
What We Are Doing?
To protect our users, we are requiring all users to reset their passwords for Bleacher Report accounts. Bleacher Report has also taken several additional steps to further improve its security.
What You Can Do
I f you use the same password for other online accounts, we recommend you set new passwords on those accounts immediately. Internet security experts recommend using different passwords for each account and creating passwords that are hard to guess. In addition, we will never ask you for personal or account information in an email, so please exercise caution if you receive unsolicited emails that ask for that information.
For More Information
We apologize for any inconvenience caused by this incident. If you have any questions, please do not reply to this email, but instead contact us by sending an email to usersupport@bleacherreport.
zendesk.com. You may also obtain additional information related to the incident atsupport.bleacherreport.com.