Atlas App Hacked

* Update on January 11, 2019

We regret to say that our Ontario Reptile and Amphibian Atlas App has been hacked and personal information (name, email and password) was posted online. We believe that the reptile and amphibian data has not been compromised.

Our team is working hard to rectify this breach and ensure nothing like this happens again. For starters, we are:

• Encrypting all passwords in the database;
• Resetting all passwords in the database;
• Contacting the host of the website displaying the stolen information demanding that the malicious website be removed; and
• Alerting the Privacy Commissioner of Canada about the breach.

If you used that same password elsewhere, as a precaution we’d strongly advise that you change that password immediately. 

The passwords for all atlas accounts have been reset. Please set a new password for your atlas app account.

If you have the app on a mobile device:

1. Log out of your account.
2. Click the ‘Reset Password’ button.
3. You will receive an email with a new password. Enter this into the login screen on the atlas app.
4. You will be prompted to create a new password.

To change your password on a desktop, visit: ontarionature.org/oraa/app and then follow the same steps.

When was the app hacked and how were atlas users notified?
Ontario Nature became aware of the security breach on December 24, 2018. User information may have been breached as early as September 2017. We immediately published a blog and posted on our Facebook group page alerting users of the security breach on December 24, 2018. We circulated an initial email on January 4, 2019 as soon as we had gathered more information and worked through some initial steps with the developer.

Whose information was leaked?
All atlas users were contacted, regardless of whether their information was leaked. We urge everyone to change their passwords as a precaution as all passwords were vulnerable even if they were not leaked online.

Can Ontario Nature provide users with the website where the information was leaked?
Sorry; we are not providing the link where account information was leaked in order to protect everyone’s privacy. We recognize this may be frustrating, but do not want to drive more traffic to the illicit webpage. You can see if your email has been compromised from any privacy breach through this website: https://haveibeenpwned.com.

How can I find out which password I used for my atlas account?
If you are unsure of which password you used, please change them all. We understand that this may be a long process but changing passwords on a regular basis is good practice for ensuring your security.

How can you be sure the app won’t get hacked again?
The host has changed since the hack. We have changed the database password and encrypted all passwords within the database. We are looking into further security measures.

Is there a risk that reptiles or amphibians will be poached from this breach?
There has not been a large amount of data downloaded on personal accounts, or for sensitive species, since the breach happened. While it’s still possible someone simply viewed the data from individual accounts, we do not believe the atlas data was the target. For that data to be compromised, the hacker would need to go into each account to see submissions. None of the individual accounts have access to the amalgamated data. From what we understand, this is the same scam/breach that happened to LinkedIn and other companies going after emails and passwords.

Sorry for the inconvenience that this breach has caused. Your privacy and security are important to us.

We will update you as we learn more and take further steps with our developer to safeguard the atlas app.

We appreciate your understanding and patience.

-The Ontario Nature Team

Ontario Nature is a charity that has been protecting wild species and wild spaces through education, conservation and public engagement since 1931. We are there when nature needs us most.