I have an account at Bodis, but I don’t believe I have ever used it before because I don’t do much PPC parking. Because I have an account though, I received an email from the company this afternoon linking to a corporate blog post announcing a “security incident.”
While it does not appear that Bodis itself suffered any sort of breach, some accounts may have been impacted. Here’s an excerpt of the blog post with the summary of what happened:
“Our team has observed an attempt to gain access to user accounts on the Bodis system using an automated login script. The intruder has attempted to gain access to various accounts using predefined email addresses and password combinations, of which the overwhelming majority failed to work. Most users have received a Failed Login email notification as a result of these failed login attempts.
However, it seems that the intruder was able to access several accounts. In the instances where the intruder was able to access accounts, we opted to disable account access several hours later and notified those users to reset their password, check their payout settings, as well as any other personal information.”
Bodis isn’t the first platform to deal with something like this. I recall something similar at a smaller domain registrar several years ago.
There are two key takeaways from my perspective. People should not re-use passwords on multiple websites or platforms. Two-factor authentication should also be used when a platform allows it.
I appreciate that Bodis shared information about this security incident.
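The pattern in the Bodis excerpt (an automated client trying many email and password pairs, nearly all failing, a few succeeding) is visible in authentication logs. The Python below is an added example, not code from Bodis or from this post: it flags a source that attempts many distinct accounts with a very high failure rate and lists the accounts that source did get into. The event format, the thresholds and the assumption that the attempts come from a single source address are all hypothetical, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, account_email, login_succeeded).
# IPs come from documentation ranges; accounts are placeholders.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}@example.com", False) for i in range(40)]
    + [("203.0.113.7", "alice@example.com", True),
       ("203.0.113.7", "bob@example.com", True),
       ("198.51.100.20", "carol@example.com", False),  # ordinary mistyped password
       ("198.51.100.20", "carol@example.com", True),
       ("198.51.100.33", "dave@example.com", True)]
)

def find_stuffing_sources(events, min_accounts=20, min_fail_ratio=0.9):
    """Return {source: sorted accounts it logged in to} for sources that
    tried many distinct accounts and failed on nearly all of them."""
    tried = defaultdict(set)   # source -> distinct accounts attempted
    failed = defaultdict(int)  # source -> failed attempts
    total = defaultdict(int)   # source -> all attempts
    opened = defaultdict(set)  # source -> accounts with a successful login
    for source, account, ok in events:
        tried[source].add(account)
        total[source] += 1
        if ok:
            opened[source].add(account)
        else:
            failed[source] += 1
    flagged = {}
    for source in tried:
        # Thresholds are assumptions; tune them against normal login traffic.
        if (len(tried[source]) >= min_accounts
                and failed[source] / total[source] >= min_fail_ratio):
            flagged[source] = sorted(opened[source])
    return flagged

def accounts_to_reset(events, **thresholds):
    """Accounts a flagged source got into: candidates for disabling access
    and requiring a password reset, as the Bodis post describes."""
    hits = find_stuffing_sources(events, **thresholds)
    return sorted({acct for accts in hits.values() for acct in accts})

if __name__ == "__main__":
    for src, accts in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(f"{src}: credential-stuffing pattern, accessed {accts}")
    print("reset:", accounts_to_reset(SAMPLE_EVENTS))
```

Attempts spread across many source addresses would not trip a per-source count, so the same tally can be keyed on another shared attribute of the client if the logs record one.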