DataCamp found that a third party had illegally acquired access to one of their systems and disclosed some user data there.
The company sent emails to the users they believed were impacted or could be impacted.
Any DataCamp users who might have been impacted were signed out, and if they used passwords for authentication, their credentials were invalidated and they were instructed to change them.
The exposed information includes personal information such as name, email address, optional information including location, company, biography, education, picture, and some account information like Hashed passwords using bcrypt, Creation date, Last sign-in date, Sign in IP address.
The company does not store credit card data and thus does not believe credit card or Paypal data were affected.
They investigated the incident and took preventive steps type to stop such incidents in the future.
Source: https://www.databreaches.net/datacamp-notifies-users-of-hack-forces-password-reset/
TPRM report: https://scoringcyber.rankiteo.com/company/datacampinc
"id": "dat164819223",
"linkid": "datacampinc",
"type": "Data Leak",
"date": "02/2019",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Education Technology',
'name': 'DataCamp',
'type': 'Company'}],
'customer_advisories': ['Emails to impacted users',
'Instructions to change passwords'],
'data_breach': {'data_encryption': 'Hashed passwords using bcrypt',
'personally_identifiable_information': ['Name',
'Email address',
'Location',
'Company',
'Biography',
'Education',
'Picture'],
'type_of_data_compromised': ['Personal Information',
'Account Information']},
'description': 'DataCamp discovered that a third party illegally accessed one '
'of their systems and disclosed some user data. Affected users '
'were notified and instructed to change their passwords. The '
'exposed information includes personal information and some '
'account details, but no credit card or PayPal data were '
'affected.',
'impact': {'data_compromised': ['Name',
'Email address',
'Location',
'Company',
'Biography',
'Education',
'Picture',
'Hashed passwords using bcrypt',
'Creation date',
'Last sign-in date',
'Sign in IP address']},
'references': [{'source': 'DataCamp', 'url': 'https://www.datacamp.com/'}],
'response': {'communication_strategy': ['Sent emails to impacted users',
'Instructed users to change their '
'passwords'],
'containment_measures': ['Signed out affected users',
'Invalidated passwords',
'Instructed users to change their '
'passwords']},
'title': 'DataCamp Data Breach',
'type': 'Data Breach'}