Forum Academy Marketplace Showcase Pricing Features

BE AWARE ONESIGNAL.COM will send Ads via your notifications!1

Today I got random notifications with pornography ads, in my own apps that I have made using xcode -11 swift . Both are for are rated for 12 years and up, after contacting them

I got an email from them saying change my password and the REST API got LEAKED, they said remove admin users, however, it’s only my account.- also if someone hacked my account I should see in the history the push message. Lastly, they said to rest the REST API, that’s dumb, I had two apps, one I made in 2018 and one this week, both have different API keys, how the hell they got “hacked” Also, just like you said, Admob doesn’t send ads via notifications. therefore it’s the issue within onesignal.com. Just to let you know I got this once in 2019 But I didn’t report it. I’m surprised no one also did.

my reply to onesignal.com :

Sir, I got the notifications on both apps, in the history of the messages of push notifications sent, I don’t see anything… Also, I change my password just in case even though I have a feeling that it’s not the problem because again, I don’t see any push messages in the history of my apps. Lastly the “REST API key” is not the problem, I have two apps with two API keys, I don’t think both are leaked, and I don’t have any of my project files anywhere of the web. I believe that your system has been comprised and someone is responsible for this. Just to let you know this is not the first time it happens.

Hi. I’m one of the founders of OneSignal and I’m so sorry this happened to you.

We’re working quickly to implement measure to further protect users from having their accounts compromised. This can happen if you have re-used a password across other websites that have been hacked and where user passwords or insecurely hashed passwords were leaked.

In the meantime, it sounds like our support team has already worked with you to make sure your API keys and password are reset, so we do not expect this to occur again for you. We encourage you to make sure you have not used the same password on any other websites.

4 Likes

This has never happened to me and I’ve used one signal for years across multiple sites both small and large.