We are following up on the email sent last week regarding the hack of our Ontario Reptile and Amphibian Atlas app. The passwords for all atlas accounts have been reset.
Please set a new password for your atlas app account.
If you have the app on a mobile device:
- Log out of your account.
- Click the ‘Reset Password’ button.
- You will receive an email with a new password. Enter this into the login screen on the atlas app.
- You will be prompted to create a new password.
To change your password on a desktop, visit: ontarionature.org/oraa/app and then follow the same steps.
If you used that same password elsewhere, we strongly advise that you change that password immediately. If you receive an email asking for money or referencing your password, delete it immediately – it is fraudulent.
We would like to answer some of the questions that we have received in response to our previous email.
When was the app hacked and how were atlas users notified?
Ontario Nature became aware of the security breach on December 24, 2018. User information may have been breached as early as September 2017. We immediately published a blog and posted on our Facebook group page alerting users of the security breach on December 24, 2018. We circulated an initial email on January 4, 2019 as soon as we had gathered more information and worked through some initial steps with the developer.
Whose information was leaked?
All atlas users were contacted, regardless of whether their information was leaked. We urge everyone to change their passwords as a precaution, as all passwords were vulnerable even if they were not leaked online.
Can Ontario Nature provide users with the website where the information was leaked?
Sorry; we are not providing the link where account information was leaked in order to protect everyone’s privacy. We recognize this may be frustrating, but do not want to drive more traffic to the illicit webpage.
You can check whether your email address has been compromised in any privacy breach through this website: https://haveibeenpwned.com. Sadly, many others have also been hacked: LinkedIn, Adobe, Bell and so on.
How can I find out which password I used for my atlas account?
If you are unsure of which password you used, please change them all. We understand that this may be a long process but changing passwords on a regular basis is good practice for ensuring your security.
How can you be sure the app won’t get hacked again?
The host has changed since the hack. We have changed the database password and encrypted all passwords within the database. We are looking into further security measures.
Is there a risk that reptiles or amphibians will be poached from this breach?
There has not been a large amount of data downloaded on personal accounts, or for sensitive species, since the breach happened. While it’s still possible someone simply viewed the data from individual accounts, we do not believe the atlas data was the target. For that data to be compromised, the hacker would need to go into each account to see submissions. None of the individual accounts have access to the amalgamated data. From what we understand, this is the same scam/breach that happened to LinkedIn and other companies going after emails and passwords.
Sorry for the inconvenience that this breach has caused. We appreciate your understanding and patience.
— The Team at Ontario Nature