BigCrumbs.com is currently offline while we continue to investigate and remediate fraudulent activity.
 
Opt-in for e-mail updates (please be sure that "BigCrumbs News" is checked, at a minimum).


 
UPDATE - 2/27/2015 - 12:14AM EST
 
We are working tirelessly to bring BigCrumbs back online and we are aggressively projecting to be back up by Monday, March 2, 2015.
 
Hang in there. Won't be much longer now!


 
UPDATE - 2/5/2015 - 6:08PM EST
 
Members with verified PayPal accounts were paid as scheduled on February 2, 2015. Roughly 4% of members had unverifiable accounts and we will work with them ASAP to help them securely receive their payments.
 
Regarding the return of the BigCrumbs.com service, we have decided to use this time offline to implement additional modifications to the BigCrumbs website that will also better prepare us for the future of our program.
 
Thus, we will be offline longer than originally anticipated and have currently set an ETA of 1 - 2 weeks from this writing.
 
Thanks to all of our amazing members for your patience. We have resolved to turn this bit of adversity into an opportunity to make BigCrumbs better for all!


 
UPDATE - 2/1/2015 - 3:32PM EST
 
Our investigation and analysis are nearly complete. We continue to develop and test new security features that require members to use stronger passwords, etc. These must also be completed before the BigCrumbs.com service is brought back online.
 
However, at this time, we feel confident in proceeding with the on-time issuance of payments as scheduled tomorrow, February 2, 2015. These payments will be sent only to members whose PayPal accounts were verified at the time that BigCrumbs.com was taken offline, provided that those accounts remain verifiable at the time of payment.
 
Normally, we issue notices to members who could not be paid due to unverifiable PayPal accounts. However, we will not be sending these notices when we process payments on February 2. So, if you are due a payment on your BigCrumbs balance and do not receive it, then it is because we could not verify your PayPal account.
 
Fortunately, this is expected to impact only a relatively small number of members. For those members, we will provide additional instructions for receiving their payments ASAP and in accordance with our new security features.
 
Again, we apologize for any inconvenience and appreciate your patience.


 
UPDATE - 1/30/2015 - 3:25PM EST
 
We continue to perform analysis and investigate affected accounts. It is taking some time, as we are pursuing as exhaustive an analysis process as possible in our effort to ensure the integrity of all member accounts.
 
We are also developing the necessary features to support the password change requirement, as well as the requirement for more complex passwords, and other security measures.
 
These new features must be fully tested and our analysis completed before the site is made live again. We do not have an ETA at this time; however, we will continue to update here as new information becomes available.
 
If you have not opted into our "BigCrumbs News" e-mail list, please do so using the link provided near the top of this page. We will also be sending updates to all members who are opted-in to that list.
 
Thank you for your patience as we undertake the necessary measures to ensure the continued security of our valued members.


 
UPDATE - 1/29/2015 - 11:05AM EST
 
Dear Valued Members,
 
We have determined that there has been unauthorized access to a number of member accounts. The number of confirmed affected accounts as of this writing is under 200. This number may increase as we continue to investigate.
 
It is important to note that this does not appear to be a "hack" or site-wide breach of the type popularized in news reports of other companies. Rather, it appears to be the compromise of a limited number of accounts that utilized common or overly simple passwords, or otherwise re-used credentials from a different site that was previously breached.
 
Additional Information:

  1. There is no evidence that our servers or databases were compromised or penetrated. We continue to research this with our hosting provider.
  2. There is strong evidence that the means of unauthorized access were enabled via:
  3. The attack appears to have started on January 18, 2015, but possibly as early as December, 2014.
  4. Unauthorized access may have potentially revealed such member information as first and last name, e-mail address, postal address, and cash back history.

It is extremely important to avoid the use of common or overly simple passwords, as well as to avoid the reuse of account credentials at multiple sites.

What we are doing:
 
While we are still investigating and working to identify affected member accounts, we are also in the process of reaching out to those known to be affected, as well as our members in general.
 
As a precaution, the BigCrumbs.com site will remain offline until we've put into place several security measures, including:

  1. All members will need to reset their passwords upon their next sign-in attempt after the site is restored.
  2. Password requirements will become more stringent.
  3. BigCrumbs will not be able to pay members who have not reset their passwords. In some cases, additional verification may be required.

BigCrumbs's next scheduled payday is February 2, 2015 (because January 31st falls on a weekend). We are working to avoid delays in payment or any additional service interruption; however, securing affected accounts ahead of issuing payments is our priority. As such, there may be delays in this period's payments for the first time in BigCrumbs history.
 
We will update here with any additional details as they become available.
 
We apologize for any inconvenience to our valued members that this unfortunate incident may have caused.
 
Sincerely,
 
Vince Martin
CEO
BigCrumbs.com


 
Page loaded February 27, 2015 - 16:05:10 EST