Hooded Hacker
The leaked database contains information such as usernames, passwords, first and last names, addresses, and phone numbers of Elance users iStock


IBTimes UK has added a comment from Upwork that the leak has no current impact on customers.

Upwork said, "Given that the Elance site has since closed, the accounts that were impacted no longer exist so that incident has no current impact on our customers."

The firm added that after the 2009 data breach, Elance "took all proper actions to protect user information", including "working with the appropriate authorities" to mitigate the attack. The firm added that it notified customers about the incident and initiated password resets for all users.

Original article

A hacker has reportedly leaked 1.3 million accounts from staffing platform Elance onto an underground hacking forum. The leaked database also allegedly contains hundreds of thousands of Yahoo and Gmail accounts.

According to Yogev Mizrahi of data breach notification website Hacked-DB, the hack in which information of over 1 million registered users was stolen happened in 2009. However, the data has surfaced only now, 8 years after the data breach, HackRead reported.

In 2013, Elance, which used to be one of the most popular staffing platforms, merged with oDesk. In 2014, the partnership saw the launch of a combined and renewed platform Upwork. The firm however, is yet to comment on the alleged hack and data leak.

According to Mizrahi, the leaked database contains five different text files with information such as usernames, passwords, first and last names, addresses and phone numbers of Elance users. Additionally, the leaked data also allegedly includes 253,576 Yahoo email accounts, 192,119 Gmail accounts, 192,043 Hotmail accounts and 271 .Gov accounts.

The database also contains 3,051,814 salted SHA1 passwords. Salted passwords help add an extra layer of security, in turn making it more difficult for hackers to crack passwords, indicating that the leaked Elance passwords may be difficult to decrypt.

Despite the hacked data being 8 years old, reports speculate that it may still hold some value for malicious entities, who may seek to use the data for nefarious purposes. It is still unclear if the hacked data has been put up for sale by the cybercriminal who leaked it. It is also uncertain if the hacker behind the leak is the same attacker who allegedly hacked Elance in 2009.

It seems the massive data breaches of 2016, like the LinkedIn hack and the Yahoo breach, appears to be spilling over to 2017 as well. In the face of increased cyber threats, users are best advised to follow safe data practices, to ensure that their data is safeguarded against hackers.