Dear Valued Easy2Coach Customers,
Recently, we have been notified by our customers and easy2coach members that add-ons like chrome password manager informed about leaked passwords (all customers reported a password leak coming from fussballtraining-online.de which was our previous e-book Shop Page).
We immediately took the mentioned website into quarantine and startetd immediately monitoring network activity and conducted an extensive internal investigation.
Although we have not identified any action or omission by easy2coach that may have facilitated or allowed this apparent theft to occur on our side, we apologize deeply to all of our customers for this issue and pledge to get to the bottom of it.
We already sent out an email to all users that might be affected as a result of purchasing being done on the page mentioned above or newsletter subscribers with instructions on how to protect their data.
- If you have received an email from us (please also check your Spam folder), please read it carefully and act accordingly. IMMEDIATELY change your password in easy2coach and validate if you are using the same password somewhere else as well.
- If you have not received an email from us, then we have no reason to believe your account was compromised.
While the investigation is still underway and we can not post any official conclusions just yet here are a couple of findings so far.
We have detected an increased amount of calls coming from one external URL (fussballtraining-online.de). This external URL was deleted and removed fully by September 23th, 2019
To conclude the investigation as soon as possible, we are working closely with a professional IT team to determine whether our system was compromised or not.
Appropriate agencies were also notified about these incident, and we will work diligently with them to help track the perpetrator who did this.
We will post an official statement after the internal investigation has been completed.
Last but not least, we would like to thank our easy2coach community for offering continuous help.
If you have any information that might help us or law enforcement agencies, please contact us via privacy[@}easy2coach.net
Jörg Pollmeier
Founder and CEO, easy2coach
26.September 2019
—————————–
Update October 5th, 2019
A few days ago we learned that a criminal hacker had accessed several user accounts and stolen encrypted passwords from our customers. Through a well-orchestrated attack, the perpetrator gained access to a database holding valid passwords of our customers. We detected an increased volume of calls coming from a small number of IP addresses.
Upon detecting this intrusion, we immediately disabled the suspicious URL and stopped the suspicious calls. We believe this action prevented further leaks.
At the moment we estimate that approximately 6.757 user passwords were compromised in encrypted form. We did not find any other proof that further data was compromised and we did not see any action taking place after removing the URL fussballtraining-online.de fully.
As always, we also suggest our users to change login passwords periodically, use strong passwords that are not already used on other websites, and avoid being duped by phishing emails and suspicious websites.
We would like to again apologize to our valued customers who have been directly affected by this attack. We also wish to thank the many individuals who have been of great help in resolving this matter.
The investigation continues, and we will not rest until we get to the bottom of it.
Jörg Pollmeier
Founder and CEO, easy2coach