ShopBack Data Breach

13 Nov 2020 (Update)

Several hours ago, we became aware that a party has made available online our customers’ data, which was taken during the unauthorised access to our systems back in September.

We are acutely aware that this may cause you further inconvenience and are deeply sorry for this. As mentioned in our previous communications to customers, your cashback is safe, and your passwords are hashed with a unique and dynamic salt. This data does not contain any credit card details, and ShopBack does not store your 16-digit card number or CVV on any of our systems.

We want to reassure you that we have further enhanced our security measures since September; taking the following steps:

  1. We have verified the removal of unauthorised access and ensured that our systems are now in line with intended configurations.
  2. We have further improved the storage of our unique salted passwords by encrypting using a separately stored 'pepper'.
  3. We have partnered with Crowdstrike, a world-class endpoint security and threat intelligence platform, to monitor for suspicious activity across all our systems.

In the coming days as a precautionary measure, we will be triggering a forced logout and password reset of customers’ ShopBack accounts.

We have also rolled out a self-deletion feature on our site to give our customers the ability to delete their accounts quickly and easily themselves without the need to contact ShopBack. See this how-to link to self-delete your account. We can also continue to assist customers with deleting an account if this is their preference.

Meanwhile, our investigation is still ongoing and we continue to cooperate with the Office of the Australian Information Commissioner.

We thank you for your continued support and we will continue to release further updates. Please reach out to [email protected] if we can help out at all.


26 Sep 2020

Hi guys,

We know the trust you place in us to safeguard your personal information which is why we’re proactively writing this up. A few days ago, we became aware of an incident involving unauthorised access to our systems which contained our customers’ personal data. We are currently confirming which data has been compromised.

As soon as we became aware of the issue, the unauthorised access was removed. We immediately initiated an investigation and engaged leading cyber security specialists to assess the extent of the incident and to further enhance our security measures. We are also collaborating with relevant authorities.

To date, we have no reason to believe that any of your personal data has been misused; however, the possibility still exists. What we can assure you of is that your cashback is safe, we do not collect credit card details, and your ShopBack account password is protected by encryption.

You may continue to access your ShopBack account and use our services as business operations have not been affected by the incident.

We understand that this incident might raise some questions for you, and in this regard, we have established a dedicated email address, [email protected], if you would like to contact us. Please also refer to the customer FAQ on our website which has further details.

While your password is encrypted, you may wish to change your ShopBack account password, and we suggest that you do not use the same password on other digital platforms.

We recognise that this is unsettling news and we are deeply sorry for any inconvenience this might cause you. The security and privacy of our customers is of utmost importance to us, and we commit to taking all the steps we can to minimize the risk of a similar incident occurring again in the future.

Thank you
Team ShopBack


FAQs In This Post

How do I close my account?
See this 'How To' link.

How long will it take to close/delete/deactivate? Can I recover my account?
It will take us up to 48 hours to close/deactivate/delete your account after receiving your request. We will not be able to reinstate/restore or retrieve any information (this includes cashbacks associated with the account).

Can I still get my cashback after closing my account? What about pending cashbacks?
In order to ensure that you receive your cashback, you will need to request a cashout and confirm that you have received it before submitting a request to close/delete/deactivate your account. Cashbacks that have not been confirmed will not be able to be processed. You will not be able to cash out pending cashbacks after they become confirmed, as we will not be able to track and link them to you once we have deleted all your information.

I'm not receiving the password reset emails
Our systems are processing the requests and the emails will get to users soon (update: email services have been restored and functioning normally). Alternatively, you can also reset your password by clicking on "Update Password" under https://app.shopback.com/account.


Comments

      • +4

        So, have all values for full name, email address, password, phone number, paypal email leaked?

        • +1

          I don't think they know.

      • +3

        bank account details not encrypted?

        • -1

          They can't be or you wouldn't be able to withdraw your money. Passwords can be encrypted because they encrypt what you type and compare that to what's on the database. They never need to store your actual password only the encrypted version. But for bank details they'll need to know the plain text for it to appear on your screen and to submit the transfer with the bank. They can't store the encrypted version then decrypt it to display and use, the whole point is that it is easy to encrypt but hard to decrypt. If it was easy to decrypt then the hackers could also easily decrypt it after breaking in and there would be no point encrypting it. Hope that makes sense.

          • +1

            @Quantumcat: That's wrong. Passwords should be 1-way hashed; bank details can be encrypted and decrypted at time of transfer.

            • -1

              @od810: If they can be decrypted easily then there was no point encrypting them in the first place. The whole point is that if a hacker gets the data it is really difficult to get the plain text out of it. If it is easy to get the plain text there was no point. That is like locking your door but leaving the key in the lock. Passwords are encrypted in the database because the website never needs to know what the plain text is. They lock the door and shred the key into tiny pieces.
              To continue extending the analogy, when you try to log in to a site you provide your own door, you lock it, and you shred your key with the same machine - if those shredded bits match the site's shredded bits you get to log in. Under no circumstances does anyone need to unlock the door. In the case of bank details, the site DOES need what's behind the door, so it can't be locking the door and shredding the key. What you're suggesting is that the site locks the door and doesn't shred the key so they are able to unlock it - meaning if a hacker gets in all they need to do is unlock it also. Making locking it up totally pointless.

              • +1

                @Quantumcat: I don't think you know what you are talking about. Encryption & Hashing are two different things. 1-way hashing + salt is used for passwords. Encryption is used to encrypt sensitive data. When the time comes, you can use the key to decrypt the data. Just like how you encrypt your hard drive. A hacker can steal your laptop, but they won't be able to get the data off your hard drive without knowing the key. Shopback can hold the key to decrypt the sensitive data, and this key doesn't need to be stored in the database. So when there's a compromise, the key doesn't get exposed together with the data.

                Edit: I deal with PCI/PII data on a daily basis so trust me I know the difference and when to use what
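The reversible half of the split described above (sensitive details such as bank accounts encrypted at rest, with the key held somewhere the database dump does not reach, and decrypted only when the transfer is made) as an added Go example. This is illustrative code written for this page, not ShopBack's implementation; the `KeyStore` type standing in for a KMS or secrets service, the `DBRow` layout and the sample bank string are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// DBRow is what a dump of the customer table would contain: the bank
// details exist there only as AES-GCM ciphertext plus the nonce used.
type DBRow struct {
	Email          string
	BankCiphertext []byte // ciphertext with the GCM auth tag appended
	Nonce          []byte
}

// KeyStore stands in for a KMS, HSM or secrets service that lives
// outside the database (assumption for this example). The data key is
// never written to the customer table.
type KeyStore struct {
	dataKey []byte // 32 bytes selects AES-256
}

func NewKeyStore() (*KeyStore, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return &KeyStore{dataKey: k}, nil
}

func (ks *KeyStore) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(ks.dataKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptBankDetails seals the plaintext under a fresh random nonce. The
// customer's email is bound in as associated data, so a ciphertext copied
// onto another customer's row will fail to decrypt.
func (ks *KeyStore) EncryptBankDetails(email, plaintext string) (DBRow, error) {
	aead, err := ks.aead()
	if err != nil {
		return DBRow{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return DBRow{}, err
	}
	ct := aead.Seal(nil, nonce, []byte(plaintext), []byte(email))
	return DBRow{Email: email, BankCiphertext: ct, Nonce: nonce}, nil
}

// DecryptBankDetails runs only in the payout path, in the service that
// holds the key; a dumped row cannot be opened without it.
func (ks *KeyStore) DecryptBankDetails(row DBRow) (string, error) {
	aead, err := ks.aead()
	if err != nil {
		return "", err
	}
	pt, err := aead.Open(nil, row.Nonce, row.BankCiphertext, []byte(row.Email))
	if err != nil {
		return "", errors.New("decryption failed: wrong key or tampered record")
	}
	return string(pt), nil
}

func main() {
	ks, err := NewKeyStore()
	if err != nil {
		panic(err)
	}
	// Constructed sample values, not real account details.
	row, err := ks.EncryptBankDetails("customer@example.com", "BSB 000-000 ACC 00000000")
	if err != nil {
		panic(err)
	}
	fmt.Println("what a DB dump holds:", hex.EncodeToString(row.BankCiphertext))
	pt, _ := ks.DecryptBankDetails(row)
	fmt.Println("what the payout service sees:", pt)

	// Someone holding only the dump and a guessed key gets an error, not data.
	other, _ := NewKeyStore()
	_, err = other.DecryptBankDetails(row)
	fmt.Println("with a different key:", err)
}
```

The point of the layout is the one made in the comment: a breach that copies the customer table yields ciphertext, and the key that turns it back into a BSB and account number lives in a different system with its own access controls and audit trail. Two practical caveats: a GCM nonce must never repeat under the same key, so it is generated fresh per record here, and the key needs a rotation path (re-encrypt rows under a new key) so that a suspected key exposure can be dealt with.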

      • +2

        If you do "not require" this information, why is there an option to provide it?

        • +4

          They REALLY should not ask for date of birth. They don't need it, you can't change it, and banks and financial and ID services all require it.

          Gender they also don't need. (makes zero difference if I'm a guy or a girl or non-binary).

          Also why do they need my surname? A first name I have less problem with, but there's very little actual need for a surname.

          At a minimum they should get rid of those fields. DOB is the most urgent to remove.

          For cashouts, they should also consider removing bank account BSB and account number, and replacing it with PayID. Keep PayPal. My understanding is that it's less of a risk having PayID become public. If your bank doesn't support PayID then use PayPal.

          Lastly, mobile number. I understand ShopBack want this to verify people so that they don't have people set up fraudulent accounts (eg referral bonus for referring themselves), but it's clear that a mobile number is very open to abuse (see multiple reports in this thread of scam calls already in the past week). So I really think questions need to be asked about whether a mobile number is really required for this service to operate.

          There's also address and postcode in the account information screen. NOT NEEDED! Reduce this screen to just what's needed for the service to operate, the need-to-know info. First name, email, mobile (maybe), payid or PayPal, and that's it.

          • +2

            @nickj: Um, it's their business to farm customer information. Them not asking for gender, DOB, etc. is like them not doing their job.

            They are providing the cash for your data, that's how all these cashback systems work.

            • @annarchon: I don't think that's true. It's not Facebook. Online shops provide a cashback to people that refer customers, in this case you're using shopback as your agent to refer yourself, and they give you some of the cashback when it clears, and keep some to cover operating expenses and profit. So the product is the referral, not the data.

            • @annarchon: They are making deals with shops with the promise of providing more traffic. Selling data isn’t what every online business does lol…

        • +1

          Apparently they do require them for:

          specific services or campaigns

      • +1

        If some personal details are not required then it might be an idea to stop asking for them, i.e. remove those fields entirely so people cannot fill them in. That way when the next vulnerability is discovered there's zero useful info for a hacker to misuse.

      • So…. why didn't you include this in your email to customers?

    • +2

      This.

      Add to my shopping list of pwns: LinkedIn, Dropbox, Canva, multiple spam lists from an ElasticSearch server hack….
      https://haveibeenpwned.com/PwnedWebsites

  • +9

    Disgusting

  • +5

    Probably why I also got this last night and was a little confused!
    A sign-in attempt blocked on my Google account.
    FFS.

    https://files.ozbargain.com.au/upload/366735/83100/screensho…

    • +4

      If you reused your shopback password for any other site, change them all now. Probably a good idea to use a password manager too, creating long unique passwords for each site so if one gets stolen from a website like this, they won’t be able to access your accounts on other websites.

  • +2

    I used Facebook to log in, what are the implications of this?

    Got 2FA as well for that

    • +2

      You will get more "friends" requests :)

    • +1

      You are partially exposed. Ur password isn’t visible to hacker. So they can’t login to FB or any other site. But ur personal details held by SB is exposed.

      • Don't assume the password isn't visible to the hacker. If you use a weak password and/or they (Shopback) use a weak hashing algorithm it's quite possible the password can be retrieved. Always use a different password on every single site. It's too difficult to remember unique passwords so use a password locker.

        • +3

          They used Facebook to log in. The password is not stored with Shopback.

          • +1

            @Quantumcat: Thanks for clarification.

            My phone number is in there but weirdly haven't got anything weird (yet).

            And my email address seems ok too (for now).

            Extra stress that's definitely not needed during these times.

  • +13

    Really low to send this so late on a Friday, have some integrity guys.

    • -1

      I guess they must have been really exhausted going through their investigation and only now found the time to type the response up….

  • +14

    Can't even cancel account through the site. what a joke lol.

  • +22

    It’s worth deleting my account just for the shady late Friday night notification, had a lot of issues with them declining purchases and not honouring bonuses. Happy to call Monday and delete my account.

    • Please email [email protected] and the team will help you out.

      • +9

        Was this the plan in the meeting this week, how can we release this info? 11pm Friday, yeah good call.

    • +1

      I've tended to forgo cashback sites these days. Unless it's significant enough, they're just too haphazard with people's information for me to trust them anymore.

      Case in point!

      I've emailed requesting to delete my account and have since changed password and deleted linked accounts. Bank account and PayPal - not happy! No spam yet though so fingers crossed.

      • -2

        Negged? Really?

        Lol

        • Evened it up. People don't like that their information is compromised and yours is not.

          • +1

            @RSmith: Haha cheers, I had a good chuckle anyway.

            At the end of the day, do a tidy up of your accounts and passwords, monitor your finances (you should be doing this anyway), and life goes on.

            I'm always of the thought that if someone wants my info, they'll get it. There's many other ways people get your data and I'd bet a large majority of us have some form of social media or cloud service. Add to that any comparison site you may have ever used and/or many apps that require permissions and it's near on impossible to cover off all bases without going nuts.

            I'm content.

    • Lol yes twice declined, never success. Painful

  • +6

    I've received a ton of spam calls/sms recently, and my # was also spoofed last week! This is the first time that has happened in 20yrs of owning this number. Coincidence? I think not!

    I'm now hoping it was only a once off so I don't have to go to the trouble of changing my damn #.

  • I’ve gone into my settings and under fields such as phone number and date of birth, there is no information. I assume this means I never inputted that information when I created the account?

    • +2

      have you cashed out before? you definitely need to have a phone number to withdraw money

      • +2

        No I haven’t.

        I tried cashing out now and it wants my phone number verified

        • rip phone number - get prepared to bend over to those spammers and callers…assuming the hacker comes back for a 2nd attempt, being the 1st attempt was a success and the 2nd attempt to get all the bank and paypal details and phone numbers now that everyone is up in arms trying to withdraw money and promptly closing their accounts afterwards…

    • Yes, you would need to have provided this information and it would be listed in your account if you had.

  • +13

    ..we have no reason to believe that any of your personal data has been misused..

    yes you do. be logical here. your systems got hacked. why do you think the hacker decided to access your systems in the first place? the answer is in the quoted line 🤯

    • +2

      Right, misused - not yet. Exposed - definitely.

      • +3

        hacker would be stupid not to misuse the data and pass it on. they're probably getting paid a lot. but the point is - the wording of their lines make it sound like they're trying to lighten the seriousness of this issue

        • +3

          Yep. What’s the point in hacking the system if they are not going to use the data?

    • +3

      In other words, shopback wants you to believe the hackers have no malicious intent… The hackers on the other hand beg to differ. What a load of bollocks that paragraph is.

  • +3

    Poor form. They should have done open disclosure immediately. Repetitive generic responses by the shopback rep here are also infuriating. Will definitely be closing my account forever.

    • +17

      It sounds like they're in the awkward position of knowing enough to have had to report it to OAIC and affected individuals but not knowing enough about the end to end breach. Usually it's very hard to do open disclosure immediately because usually the forensics take time and you don't want to go off half-cocked.

      Friday night press release is dodgy as all hell though.

      • And if you have any questions for the rep here, they will direct you to email them. But they're here!

        • Ahh good point! They should be able to answer any and all concerns right here on the spot instead of redirecting you to …somewhere else….if they are REALLY the rep on for shopback…

  • +5

    It will be interesting to see how many people follow through with their cancellation when Shopback inevitably do some 20% cashback of all categories on Amazon to try and fix up this mess.

    • +1

      I certainly have. And I've made it clear that I'm happy to forfeit any un-cashed-out and tracked/pending credits to do so.

      What's your privacy worth to you?

      • But at the same time you are allowing them to benefit from the poor practices that caused the data breach.

        They are profiting from their data breach…

        • They were profiting before the incident…ever notice how refunds of low value went through fine but anything of value was often rejected with the same lame excuses (they always try to put the blame back onto you, saying you did this or didn't do that even though you know all was fine!). I suspect these higher value refunds went into staff accounts…one of the reasons I stopped using both SB and CB months ago….just not worth the hassle to line someone else's pocket…life's too short!

    • +1

      Yes please, 20% off oculus quest 2

    • If it was 100%, would you crawl back?

  • +4

    Wow, the info potentially breached is a phisher's dream: name, email, bank details, phone number, shopping history… ouch. Along with this, the lack of information provided and the delayed disclosure the ball has been dropped big time here. Really let your customers down.

    By the way, you became aware of this on the 17th of Sept which is over a week ago. This is not "a few days ago". It's over a week ago now before customers were notified.

    • +4

      Didn't think of that… If you used the same password, a hacker could check all the sites you've received cash back from and get your credit card details or make purchases (although they're likely partially hidden).

      • +3

        thanks for the idea, now going through all sites which I have used SB on and changing the passwords, good way to spend a Friday night, FML

        • +5

          It's never a good idea to reuse passwords on multiple sites. It is best to use a password manager like Keepass (local) or one like Norton Password Manager (online) and using random passwords for different sites.

          • +1

            @NimitzHarrington: It's never a good idea to reuse email on multiple sites.

            Outlook gives you 10 aliases per account, sign up a couple, and you can have unique emails for most things, and use a few specially for low risk/security items.

            I had a couple that used the same email as shopback, changed it to another alias and email still gets delivered to the same place.

            • @annarchon: Gmail lets you do myemail+1, myemail+2 etc.
              Anything after the + sign goes to the same email account. You can then setup filters based on the email.

      • Yep "password stuffing" is a huge issue these days. Won't take long to login to other accounts if you have the same password

  • +12

    If the cashback history was compromised, that combined with DOB, email and bank account details could easily be used for a spear phishing attack. Stay vigilant guys!

  • +1

    I use the same password and email for my other logins .. not a good idea

    • +1

      me too, can't even remember on which :(

    • +9

      Why would you do that? Use a password manager.

    • +5

      I would suggest resetting them all, and as others have advised, use a password manager so you can make them all unique.

      • some of the apps don't even have an option to change password :(

        • +1

          Oh that’s weird, do they have the option on their website?

        • +3

          Using the 'Forgot password?' option at login screens can be useful to change passwords where the site/app doesn't offer a dedicated 'change password' feature.

          The advice to use a password manager is a very good one. You should be using unique, random strings of characters for every site, and password managers make that very easy.

          • +1

            @ragrum: yes, going through that procedure now with different passwords :)

      • use a password manager so you can make them all unique.

        Funny when your computer then gets hacked and all your passwords for all the sites you visit get opened up by the hacker who now has access to them all because they were all in one place in that password manager program, instead of up there in your head….or on a piece of paper….where they would have to physically break into your house to get your passwords….

        • Your password manager is encrypted with two factor authentication.

    • +2

      Give BitWarden a try: I've used a few and personally I've stuck with this one.
      It makes it very easy to generate and save unique passwords.

  • +2

    Never got the email to reset password and checked spam folder. Poor form.

    • Not that it makes up for their failure to send a reset - but after also not receiving a reset, I just logged in with my original password and reset it inside the dashboard.

  • +19

    Hacking can happen to any systems of companies great and small. It’s the way SB are handling this situation and that they are playing down this matter that pisses me off. On top of the unknown repercussions of this data hack.

  • +1

    Also wanna know where this data was compromised. ShopBack isn't an Australian company - was my data stored and accessed offshore?

    • +6

      That’s irrelevant now. The fact is that our data got harvested. The hackers could sell it to any country.

    • Stored offshore - almost certainly.

  • +6

    I don’t think I will have a good sleep tonight. Only sending the notification email at late night is not on.

  • +8

    I know most people on here are savvy and would have already considered this, but mentioning it just in case……
    If you have also used this password/email combination on other websites, be sure to change the passwords on those sites too!!!
    This is where the beauty of 2FA kicks in

    • How does it work regarding passwords? Do the hackers see ******** (but don't actually see the characters) and then copy and paste that with the same email address and it will log you into other sites IF the email and password are the same?

      • +1

        If the password is stored correctly, they'll get a string of text like:

        4420d1918bbcf7686defdf9560bb5087d20076de5f77b7cb4c3b40bf46ec428b

        • +1

          how did you know my password

        • if they get a string of text like 4420d1918bbcf7686defdf9560bb5087d20076de5f77b7cb4c3b40bf46ec428b

          How do they try and log in to other sites? Can they use the same password but not actually know what the password is?
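What the stored string above actually is, and why the answer to the question is no, as an added Go example that also covers the "1-way hashing + salt" point made earlier in the thread and the "separately stored pepper" mentioned in the 13 Nov update. This is illustrative code written for this page, not ShopBack's implementation: PBKDF2-HMAC-SHA256 is written inline so only the standard library is needed (scrypt or Argon2 would be the usual production choice), the `algorithm$iterations$salt$digest` record format is an assumption, and keying an HMAC with the pepper is one common construction, not a statement of how ShopBack applies theirs.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

const (
	iterations = 100000 // work factor; raise it (or use scrypt/Argon2) in production
	saltLen    = 16
	keyLen     = 32
)

// pbkdf2HMACSHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256, written inline so
// the example needs only the standard library.
func pbkdf2HMACSHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	out := make([]byte, 0, keyLen+prf.Size())
	for block := 1; len(out) < keyLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for n := 1; n < iter; n++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for i := range t {
				t[i] ^= u[i]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// pepperedDigest keys an HMAC with the pepper over the derived key. The
// pepper comes from a key store outside the database (assumption), so a
// dump of the users table alone cannot be used to check candidate passwords.
func pepperedDigest(derived, pepper []byte) []byte {
	mac := hmac.New(sha256.New, pepper)
	mac.Write(derived)
	return mac.Sum(nil)
}

// HashPassword returns the string stored in the password column:
// algorithm$iterations$salt$digest, with a fresh random salt per user.
func HashPassword(password string, pepper []byte) (string, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2HMACSHA256([]byte(password), salt, iterations, keyLen)
	return "pbkdf2-sha256$" + strconv.Itoa(iterations) + "$" +
		hex.EncodeToString(salt) + "$" + hex.EncodeToString(pepperedDigest(dk, pepper)), nil
}

// VerifyPassword recomputes the digest from the stored record and compares in
// constant time. Nothing is ever decrypted: the plaintext is never recovered.
func VerifyPassword(stored, candidate string, pepper []byte) bool {
	parts := strings.Split(stored, "$")
	if len(parts) != 4 || parts[0] != "pbkdf2-sha256" {
		return false
	}
	iter, err := strconv.Atoi(parts[1])
	if err != nil || iter < 1 {
		return false
	}
	salt, err := hex.DecodeString(parts[2])
	if err != nil {
		return false
	}
	want, err := hex.DecodeString(parts[3])
	if err != nil {
		return false
	}
	dk := pbkdf2HMACSHA256([]byte(candidate), salt, iter, keyLen)
	return subtle.ConstantTimeCompare(pepperedDigest(dk, pepper), want) == 1
}

func main() {
	pepper := []byte("constructed-pepper-held-outside-the-db") // assumption: read from a secrets store
	rec, err := HashPassword("correct horse battery staple", pepper)
	if err != nil {
		panic(err)
	}
	fmt.Println("what a DB dump holds:", rec)
	fmt.Println("right password:", VerifyPassword(rec, "correct horse battery staple", pepper))
	fmt.Println("stored string used as the password:", VerifyPassword(rec, rec, pepper))
	fmt.Println("right password but no pepper:", VerifyPassword(rec, "correct horse battery staple", nil))
}
```

Three things the run shows. Pasting the dumped string into a login form fails, because the site hashes whatever is typed and compares digests; the string is output, not input. The same password hashed twice gives two different records, because each user has their own random salt, which is what stops one precomputed table from covering every account. And with the pepper held outside the database, the leaked record cannot even confirm the correct password, so the only thing a password-guessing campaign gains from the dump is the salt. That last property is exactly why a weak or reused password is still the risk the thread keeps coming back to: it has to be guessed on the other sites, where no pepper protects it.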

    • +1

      Except 2FA is rendered useless when they have your phone number and DOB. They just need to keep trying different telcos, until they find the right one, and ask for a SIM swap - often DOB is enough to authorise this.

      Once they have your phone number on their device, they can use that to authorise 2FA requests.

      This is only mitigated if you use a service such as Google Authenticator.

      • This is why a) MyGov sucks since the 2FA is only SMS, and b) any provider (such as Apple) who have mandatory SMS backup for 2FA has worthless security.

        Also, if it's a post-paid account, the account number is also needed for a port, and that will only be on the bill. This is why I would never use prepaid for my main number.

  • +2

    Since a lot of people will have stored their bank details with ShopBack, and for those of you who use ING - I would highly recommend adding a "secret question" to your ING account. It can be any question that only you know the answer to. Whenever you call ING in addition to the usual authentication questions, the system will also prompt the agent to ask you your secret question and they will not proceed until you've answered it successfully.

    Would be nice if ShopBack compensated customers for the cost of maintaining a credit monitoring service.

  • +11

    Hi Shopback, you've been very active in these comments which is admirable at face value. Please can you answer the following questions:

    1. Do you track and log which websites users have browsed from given the google extension has the capability of doing this?
    2. What other browsing metrics are logged by Shopback on top of purchases from partner online retailers?
    3. Why didn't a communication go out soon after the breach was identified?
    4. Did it take you between the 17th and 25th September to assess the potential impact of the breach, or was there another reason comms was not sent until a week later?

    If you can't answer the above questions, you are confirming that you do not take our personal data seriously, and we are simply products to you.

    Regards,
    Cam

    • +1

      These are great questions that need to be answered.

    • +9

      Also I note this question in the FAQ

      Q Is it safe to use ShopBack?

      A This incident has not affected your cashback balances in your ShopBack account. You may continue to access your ShopBack account and use our services as business operations have not been affected by the incident.

      Did you just dodge your own question in your own FAQ. Massive LOLs

    • I can answer 1 and 2 - everything the extension can access will be logged. Data is king these days and shop back is the exact type of company that would use and sell this type of data.

      • @gotyourback is this true?

    • oooooh, no reply….

  • Tell us what exactly was the leak? How was it leaked? Who leaked it? Did some insider do it intentionally (highly unlikely)? If not, what was the reason that it was leaked?

    Unless we have this information, have faith it would be really hard for anyone to trust and be back again on SB.
