UPDATE 21 APRIL 2017
italki has identified attempts by unauthorized parties to gain access to user accounts in the last few days. We believe that these attempts are part of a brute-force attack. Our system security and engineering teams have taken steps to neutralize the attack and increase the security of our system and website.
No financial or payment information has been accessed on italki. This is because italki itself does not store any user’s payment information or details.
- Disabled passwords for affected accounts. italki has identified a small number of accounts that have been accessed due to this attack. To secure account privacy, our system security team took steps to automatically disable the passwords of affected accounts. Affected users simply need to reset their passwords to regain access to italki.
- Password change recommendation for all users. We have also asked a larger group of users who have logged in to italki recently to change their passwords as soon as possible. However, this recommendation applies to all users. See “Steps to safeguard your italki account” below.
- reCAPTCHA for every login. Previously, users were prompted to provide the CAPTCHA security code only after a number of failed login attempts. We’ve now implemented a CAPTCHA security code prompt for every login attempt.
- We’re not done yet. We are currently reviewing and implementing new security systems and options for users to further safeguard their italki accounts.
Steps to safeguard your italki account
We encourage our users to follow these security recommendations:
- Change your passwords (create stronger passwords).
- Do not reuse on italki a password that you use on other online services.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.