Elance Security Breach

Just a quick post with a warning from Elance. I received an email from their customer service folks at an ungodly hour this morning, that states (if I were to paraphrase) that the site has been hacked or attacked in some way.

The email covers the basics, but doesn’t include very much detail of exactly what happened. It read as follows:

It has recently come to our attention that certain Elance user information was accessed without authorization, including potentially yours. The data accessed was contact information — specifically name, email address, telephone number, city location and Elance username. This incident did not involve any credit card, bank account, social security or tax ID numbers.

We have remedied the cause of the breach, and are working with appropriate authorities. In the meantime, please take extra precautions in protecting your Elance login information. For example, do not provide your login information on any site that is not http://www.elance.com, and NEVER give out passwords by email, over the telephone or on websites that are not the Elance site.

We sincerely regret any inconvenience or disruption this may cause.

Now, to me this sounds like an actual hack. It’s not a fake web page, set up to capture logins, as that would compromise payments as well as identities. Of course, there’s absolutely nothing we can do about it: the information was accessed, so it’s out there being sold to marketing spammers and goodness-only-knows who else, right now.

This would be a good time to set up Google Alerts on your Elance login name and your working pseudonym: that way, if they appear on the web, you’ll get a warning.

Pass the word to anyone you know who uses Elance, too.