We’ve just gotten word that development-outsourcing site Elance has suffered a security breach, compromising some user information that included names, addresses, phone numbers, and location (no financial information was taken).
Multiple users have received the following letter:
It has recently come to our attention that certain Elance user information was accessed without authorization, including potentially yours. The data accessed was contact information — specifically name, email address, telephone number, city location and Elance login information. This incident did not involve any credit card, bank account, social security or tax ID numbers.
We have remedied the cause of the breach, and are working with appropriate authorities. In the meantime, please take extra precautions in protecting your Elance account. For example, do not provide your login information on any site that is not http://www.elance.com, and NEVER give out passwords by email, over the telephone or on websites that are not the Elance site.
We sincerely regret any inconvenience or disruption this may cause.
For more details and ongoing information about this, please visit this page in our Trust & Safety center: http://www.elance.com/p/trust/account_security.html
Michael Culver
Vice President
Elance
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Elance’s security alert site reveals that the data was taken by hackers who discovered a security hole on the site:
The hackers discovered a security hole on an unprotected page that enabled them to access a data table that contained contact information including name, email address, telephone number, city location, and username, and that contained protected versions of user passwords, in an unreadable format called a one-way hash. Their attack did not access personal financial information such as credit card, bank account, social security or tax ID numbers.
In a bizarre twist Elance’s security site says that some of the stolen user data is now appearing on OutsourcingRoom.com, a competing service. Elance writes that it is working to have the data removed.
This is only the latest in a recent string of security breaches on major web services. It’s obviously nearly impossible to guard against every kind of online threat, but if we’re going to become comfortable having our entire computing experience in the cloud, things need to change.
