Freelancer.com has contacted some of its customers alerting them to reset passwords of their accounts. The Freelancer.com user credentials found in public dumps of leaked data from third party sites, in a form of damage control.
An Email sent to its clients redirecting its customers to haveibeenpwned.com to check if they are affected or not. Nicholas de Jong, VP Security and Operations at Freelancer also clarified on how they discovered this potential breach.
We observed users that appear to have credentials in common with those dumps. Thus took measures to protect our users affected.
User credentials in public dump
In other words, users found to have utilized their Freelancer.com credentials on other sites. From where data has made its way to the public domain. In its email, the company even suggested a password reset. Something possibly unique, as a security measure for its users.
Freelancer also noted that the compromise was not due to any hack in the Freelancer.com website property, and did not speculate about how user credentials landed in a public dump.
We must also remind our users once again that using the same passwords across multiple sites is a really bad idea, so if you’re doing that anywhere, please change your passwords, and get a password manager.