Want to join the employee engagement conversation?

Check out our upcoming

Security incidence response

A Recent Security Incident: How We’re Responding

To the Bonusly community, 

Security is a top priority for us at Bonusly. We build security into our systems, our processes, and our culture. We understand our customers and users are trusting us with their data and we take the responsibility of securing it extremely seriously.

We recently became aware that Bonusly has joined a growing list of companies over the last three days that are being impacted by security incidents. 

What happened

Most critically, Bonusly was not the original target of this incident, and none of our customer company or personal data has been stolen.

We have identified a bad actor that has used a number of compromised credentials exposed in third-party breaches to fraudulently access and redeem rewards within the Bonusly platform. We have assembled a list of compromised accounts, implemented technology to blocklist identified intruders, and are making additional security enhancements to address this specific incident. It is our understanding that law enforcement is aware of the broader suite of incidents and is investigating.  

What we're actively doing

We will be contacting any customer who is potentially at risk to communicate how to take additional actions to further protect your account. We will include instructions and suggestions on further security measures that can be taken by your organization and details on actions taken by Bonusly directly related to your account.

We have included updates to the Bonusly in-app experience, plus security tips you can take below if applicable. We will continue to update you with the utmost transparency.

For Bonusly Customers: In-app updates & how to secure your passwords

Here are some of the immediate actions that Bonusly is taking in response to this incident:

  • Lowered a daily limit for reward redemption per user.

  • Removed the ability for admins to adjust user balances.
    User balances can still be adjusted administratively by reaching out to your Bonusly CSM.

  • Increased security and complexity requirements for passwords.
    For users who authenticate via web login (username and password), Bonusly uses an algorithm that analyzes the complexity of your password to ensure it is strong and unique. We have adjusted our algorithm to increase the required complexity. This means you will be required to have a stronger and safer password to protect your Bonusly account (and your Bonusly points!) from intruders. If you authenticate to Bonusly via SAML or SSO from other third party systems (Okta, GSuite, etc.), we strongly recommend the use of strong passwords and multifactor authentication (MFA) for those systems.

Here’s a list of our go-to tips for creating secure passwords:

  • Never reuse passwords

  • Use 2 factor authentication wherever possible (highly recommended)

  • Use at least 15 characters for your password (the more, the better!)

  • Use a mixture of both uppercase and lowercase letters

  • Mix in letters and numbers, passphrases are the best!

  • Include at least one special character

  • Try to avoid using actual words from any language by themselves because they are easier to guess and decode (i.e., Burgundy)

  • Consider using a password manager program to keep track of your passwords, which defeats a lot of standard hacking attempts

You can learn more about setting up MFA in our Help Center

We are committed to keeping Bonusly secure for all users, and we appreciate your partnership in making this happen. 

Raphael Crawford-Marks,
Founder & CEO, Bonusly 

Originally published on August 26, 2022 → Last updated August 26, 2022

Fun and funded: Announcing Bonusly's $9M Series A funding round

June 1, 2020 by Raphael Crawford-Marks Raphael Crawford-Marks

Recognition matters — and we have the accolades to prove it!

September 10, 2020 by Raphael Crawford-Marks Raphael Crawford-Marks

Recognition Program Promotion Guide

March 30, 2022 by Helen Murphy Helen Murphy
Raphael Crawford-Marks

Raphael Crawford-Marks is the Founder and CEO of Bonusly, an enterprise platform that helps companies create high-performance, high-engagement workplaces. He's passionate about building products that help people connect with their work and each other in meaningful ways.

bonusly-logo-2

Bonusly is a fun, personal employee recognition and rewards platform that helps people feel engaged and successful at work. ✨ Learn more about us.