NOTICE: If you are or have been a Couchsurfing travel network member, contact the Arnold Law Firm at (916) 777-7777.
In July 2020, an anonymous data broker informed Couchsurfing that 17 million of their user records were advertised for sale on hacking forums. It is thought that the data includes personal information of both current and past members and was stolen from company servers or a misplaced backup file stored in a cloud hosting environment earlier in the month.
Reportedly, the stolen data for sale includes:
It is unclear whether hackers may have obtained additional data, such as passwords or payment information, but have chosen not to offer them for sale yet. It is thought that the database includes past users that were previously purged, in addition to the network’s current 12 million members.
In its current state, the known stolen data is desirable for spam lists and malware distribution operations. If password information was also breached, the leaked credentials could be used by credential stuffing botnets to break into other online accounts. The botnets use lists of usernames and passwords gathered from breaches to attempt to log into another site in order to assume an identity, gather information, or steal money and goods.
Couchsurfing has not officially confirmed the breach. However, on July 20, 2020 via Twitter, @Couchsurfing tweeted:
Couchsurfing has reportedly hired an external cybersecurity firm to investigate the extent of the data breach, including what personal information was compromised. California law requires businesses to notify any California resident whose unencrypted personal information was acquired by an unauthorized person.
Founded in 2004, Couchsurfing is an online global social travel network with members in over 150,000 cities in every country in the world. Free until recently, the service links users to host one another in their homes, connect with locals on trips, or travel together.
Originally a grassroots effort, Couchsurfing became a for-profit corporation in 2011, going on to raise $23 million in venture capital to improve website features and functionality and in the hopes of keeping the service free to its users. Primary investors included Benchmark Capital, General Catalyst Partners, Menlo Ventures and Omidyar Network.
In response to the COVID-19 pandemic, Couchsurfing changed to a membership fee revenue model in May 2020, despite widespread criticism. Users in most developed countries must now pay a fee to use the platform. Members also have the option of paying a one-time charge to have their name and identification verified, adding a layer of security for travelers and hosts.
If you are or have been a Couchsurfing member, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible legal options.
Wrongfully blamed: What really happened to Randy Stevens
Randy Stevens opened his eyes and saw his wife standing over him in a hospital room. He had no idea what had happened. His last memory was of standing next to his truck trailer and watching as a Security Contractor Services forklift driver struggled to load an ungainly pallet of...Learn More
Last winter, a commercial truck and trailer made an abrupt wide turn into the path of a 24-year-old motorcyclist. The resulting collision sent Justin to the hospital with a collapsed lung, multiple fractured bones and a traumatic brain injury.
Justin's mother realized that her son needed legal help. While he was still in a coma...Learn More