Important Notice to All Bleacher Report Users

Dear B/R Users:

We are writing to notify you about a security incident at Bleacher Report that may have exposed your login credentials to the Bleacher Report website and mobile application to an unauthorized third party. We take the security of our users’ information very seriously and out of an abundance of caution we are requiring all Bleacher Report users to change their passwords.  We are also providing all users with the detailed information set forth below about the incident so that individuals may evaluate additional steps to protect their information. 

You can change your password through this link: https://bleacherreport.com/account/change_password.  If you do not change your password within 72 hours, your existing password will cease to work and you will have to click the “Forgot Password?” link in order to reset your password.

 

What Happened?

On November 12, 2016, we became aware that an unauthorized party gained access to certain files containing limited Bleacher Report user information.  We immediately began investigating the incident, and our investigation revealed that the unauthorized party accessed this user information sometime in or before early November 2016.  We also reported the incident to law enforcement authorities.

 

We concluded that the unauthorized third party may have acquired the first name, last name, username (email address), and password for Bleacher Report’s website and mobile application user accounts.  The Bleacher Report website and mobile application do not collect credit card numbers or other sensitive personal information, such as Social Security numbers. 

 

What We Are Doing?

To protect our users, we are requiring all users to reset their passwords for Bleacher Report accounts.  Bleacher Report has also taken several additional steps to further improve its security.  

 

What You Can Do

If you use the same password for other online accounts, we recommend you set new passwords on those accounts immediately.  Internet security experts recommend using different passwords for each account and creating passwords that are hard to guess.  In addition, we will never ask you for personal or account information in an email, so please exercise caution if you receive unsolicited emails that ask for that information.

 

For More Information

We apologize for any inconvenience caused by this incident.  If you have any questions, please do not reply to this email, but instead contact us by sending an email to usersupport@bleacherreport.zendesk.com.  Immediately following is a broader Q&A with additional information related to this incident.

 

 

GENERAL Q&A

Q: What happened?

  • On November 12, 2016, we became aware that an unauthorized party gained access to certain files containing limited Bleacher Report user information.  Our investigation suggests that the unauthorized party accessed this user information sometime in or before early November 2016.  We also reported the incident to law enforcement authorities. 
  • Our investigation revealed that the unauthorized party may have acquired the first name, last name, username (email address) and password for Bleacher Report’s website and mobile application user accounts.  The Bleacher Report website and mobile application does not collect credit card numbers or other sensitive personal information, such as Social Security numbers. 

Q: Has the issue been resolved?

  • Yes. We have addressed the software vulnerabilities that may have allowed the third party to gain unauthorized access to Bleacher Report’s systems.

Q: How many individuals/subscribers were impacted?

  • While we cannot determine conclusively a specific number, we are requiring all registered users to update their login credentials. 

Q: Are Bleacher Report newsletter subscribers who do not have a user account impacted?

  • No.

Q: Were any other areas of the Time Warner/Turner portfolio impacted by this cyber-attack?

  • We have identified no indication of any impact beyond Bleacher Report.

Q: When did you first learn of the situation?

  • We first became aware of this matter on November 12, 2016.

Q: Why are you telling me this only now after one month?

  • We began our investigation immediately upon learning of the unauthorized activity and have worked diligently since then to determine facts and address the software vulnerabilities that may have allowed the third party to gain unauthorized access to Bleacher Report’s systems.

Q: What happens if someone uses my info to open a fake bank account or pretends to be me?

  • Our investigation revealed that the first name, last name, username (email address) and password for Bleacher Report’s website and mobile application user accounts may have been exposed to an unauthorized third party.  The Bleacher Report website and mobile application does not collect credit card numbers or other sensitive personal information, such as Social Security numbers, that are ordinarily required to open a bank account.  

Q: What actions were taken upon identifying this incident?

  • We conducted a thorough investigation and reported the incident to law enforcement. We also addressed the software vulnerabilities that may have allowed a third party to gain unauthorized access to Bleacher Report’s systems. 

Q: Is any personal financial data at risk?

  • Bleacher Report does not collect any credit card numbers or sensitive information such as Social Security numbers.

Q: Have you identified the source?

  • Yes. We have enhanced security to address the software vulnerabilities that may have allowed a third party to gain unauthorized access to Bleacher Report’s systems.

Q: How was this information accessed?

  • This information was accessed by an unauthorized third party.

Q: What specific information was obtained?

  • The unauthorized party may have acquired the first name, last name, username (email address) and password for Bleacher Report’s website and mobile application user accounts.

Q: How do I know if my information has been compromised?

  • With very limited exceptions, we cannot determine conclusively whether a particular person’s information was affected, and we are not able to provide any reports about that information. We are requiring all registered users to change their passwords.

Q: What steps have been taken to notify users?

  • We have sent an email communication to all registered users. We have also updated the Bleacher Report registration/sign-in page with a message notifying them of the incident, along with a Q&A containing additional information. 

Q: What Bleacher Report platforms are involved (e.g. desktop, mobile, app, newsletter)?

  • We are requiring all registered users to change their passwords across all Bleacher Report platforms. 

Q: Does this apply to users who log into the website/mobile application using Facebook?

  • No. The passwords of users who are logging into our website/mobile application using Facebook have not been affected by this incident.  We are therefore not requiring those users to update their passwords.

Q: What should I do if I suspect my information has been compromised?

  • Out of an abundance of caution, all users are being required to update their Bleacher Report registration information. We also recommend changing passwords of any potentially linked accounts. 

Q: What is being done to prevent this from happening in the future?

  • We take the security of our users’ information very seriously and Bleacher Report has taken several additional steps to further enhance its security.

 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk