Security Note for Registered Users of RateMyProfessors.com

All potentially affected registered users of RateMyProfessors.com recently received an email notice informing them of a breach affecting email addresses, passwords, and registration dates for RateMyProfessors.com. Please be assured that we have not seen indications that the credentials were used without authorization or that ratings submitted to RateMyProfessors.com were acquired as part of this incident.

It is important to note that, if you used RateMyProfessors.com only as a non-registered user, no information about you and no ratings you submitted were implicated in the incident.

The following questions and answers provide further information about this incident.

1. What happened?

On December 24, 2015, RateMyProfessors.com observed suspicious activity on one of its backend systems and promptly investigated. As a result of that investigation, RateMyProfessors.com believes that on or about November 26, 2015, hackers gained access to one of the backend systems of RateMyProfessors.com through a decommissioned version of the RateMyProfessors.com website. These hackers acquired email addresses and passwords for some registered users of the active RateMyProfessors.com website (â€œSiteâ€). We have not seen indications that the compromised information has been used without authorization or that ratings submitted to the Site were implicated in the incident.

Unfortunately, hacking incidents like these have become an all-too-common occurrence for many companies. Nevertheless, we take this incident seriously and will continue to take steps to address usersâ€™ concerns.

2. Were my credentials compromised?

RateMyProfessors.com has notified those individuals whose credentials may have been compromised, by sending email notice to their registration emails. If you did not register with RateMyProfessors.com, your information is not affected, and if you registered after December 28, 2015, your information is not affected. If you received an email notice from RateMyProfessors.com regarding this incident, then your credentials may have been compromised.

3. Are the ratings that I submitted about Professors still anonymous?

The information believed to be accessed did not include ratings information. Furthermore, we have seen no indications that any ratings information was compromised or accessed without authorization.

4. What type of information was compromised?

The personal information involved consists of email addresses and passwords for registered users of RateMyProfessors.com, and the date those users registered on RateMyProfessors.com. The Site does not collect payment card information, social security numbers (in the U.S.), social insurance numbers (in Canada), or driverâ€™s license numbers, so none of that type of data was involved in the incident.

5. What is RateMyProfessors.com doing to address the situation and prevent a recurrence of this incident? / Is my information safe?

RateMyProfessors.com takes privacy and data security very seriously. Among other steps taken in response to the breach, RateMyProfessors.com disabled the method of access used by the hackers, quickly engaged U.S. law enforcement, blocked the IP addresses from which the attack originated, and initiated a password change requirement for all potentially affected registered users logging into the Site.

RateMyProfessors.com also notified all potentially affected registered users so they can take precautionary measures, including resetting the password for any other online service for which their prior password for RateMyProfessors.com was also used.

RateMyProfessors.com constantly reviews and enhances its systems and processes and will continue to take appropriate steps to minimize risks of such incidents in the future.

6. How do I change my password?

As of December 30, 2015, we required returning registered users to change their password at first logon. We encourage you to visit the Site and change your password if you have not already done so.

7. What else can I do to protect myself?

If you used your prior RateMyProfessors.com password for any other online services, you should promptly change those passwords too. You should be on guard against phishing scams, which are designed to trick individuals into providing personal information in response to phony emails. As a rule, companies do not ask for personal information like credit card numbers, bank account information, or passwords via email and we will certainly not do so. If you receive an email that you suspect to be a phishing email, promptly delete it.

8. Is RateMyProfessors.com doing anything to protect me from identity theft and are my financial accounts at risk?

RateMyProfessors.com does not collect payment card information, social security numbers in the US, social insurance numbers in Canada, or driverâ€™s license numbers. Given the type of information involved, we do not believe your financial accounts are at risk from this incident. And it is unlikely that identity thieves could use the information acquired from this incident to steal your identity. If you used your RateMyProfessors.com password on any other online services, you should change those passwords promptly.

9. What can I do to protect myself from phishing scams?

Be aware of unsolicited emails that appear to offer you identity theft protection or other services but are truly phishing scams designed to steal your information. Don't give out personal information on the phone, through the mail, or on the Internet unless you've initiated the contact and are sure you know who you're dealing with. If you receive an email with a link, confirm that you are dealing with a legitimate organization before sharing any personal information. One way to do this is to check an organization's website by typing its URL in the address line, rather than cutting and pasting it. RateMyProfessors.com will never ask for your personal information in an email. For more information on phishing and on how to avoid being a victim of phishing, please see https://www.us-cert.gov/ncas/tips/ST04-014. If you have any questions about the authenticity of a communication you receive from RateMyProfessors.com, please contact us at security@ratemyprofessors-ques.com.

10. Who can I contact if I have additional questions or concerns about the incident?

If you have any additional questions or concerns about the incident, you may contact us at security@ratemyprofessors-ques.com.