Update on March 25, 2019: DataCamp engaged Kroll, a leading forensic security firm, to aid us in our investigation into this incident. Kroll’s review determined that mitigation steps taken by DataCamp were both timely and appropriate. DataCamp’s investigation is now complete and we are confident that the matter has been resolved at this time.
On February 11, we discovered that some user data was exposed by a third party who gained criminal, unauthorized access to one of our systems. We have engaged a leading digital forensics and security firm to assist us in the work being conducted by our internal security team.
Who Was Affected
We have contacted affected users to reset their passwords. If you would like to reset your password through our website, you can find instructions to do so here. If you did not receive an email notification regarding this incident, we do not believe your account was affected at this time.
What Kind of User Information Was Affected
The following information may have been exposed. Name, email address, optional profile information (including location, company, biography, education, and picture), salted hashed passwords using bcrypt, creation date, last sign-in date, and sign-in IP address. We do not store credit card data and do not believe credit card or PayPal data were affected.
What We’re Doing About It
Although our investigation is ongoing, we have taken the following steps:
As a precaution, we logged out all DataCamp users who we believe were affected and, if they used a password as their authentication method, we invalidated their passwords. These users also received an email with a link to reset their passwords.
We believe we have identified the root cause and taken steps to address the issue, although our investigation is ongoing.
We have also notified law enforcement and data protection authorities.
What’s Next
If we contacted you by email to reset your password, we encourage you to do so immediately. You can find more information about resetting your password here. Additionally, we always recommend that all DataCamp users follow good personal security practices: Avoid using the same password for multiple services or websites, always use strong passwords, and change your passwords often.
We apologize for the concern this incident has caused, and maintain our commitment to protecting the security of all DataCamp users. If you have any questions, you can contact us directly at support@datacamp.com.
