Ibotta security

If you’ve quit using Ibotta, for fear that someone will hack your account and swipe your earnings, Ibotta wants you back. The retail rebate app has introduced new security upgrades, in an effort to prevent a series of unfortunate incidents from happening again.

“To help strengthen the safety and security of your Ibotta account, we’ve introduced a new Device Verification process,” the company has announced on its website and in an email to users. The new process entails linking a phone number to your account. Then, each time you request to cash out your balance, you’ll receive a seven-digit code via text (or via a phone call, if you can’t receive texts), which you’ll need to enter in order to receive your cash.

The change is meant to rectify what turned into a huge headache for Ibotta users, and for Ibotta itself, a couple of months ago.

Ibotta users earn cash back for buying promoted products, and can request a payment as soon as their balance reaches $10. But in late August, a number of Ibotta users began reporting that their account balances were cashed out – to someone else. And that led many users to worry that Ibotta had been hacked.

“It was not Ibotta that was hacked, but individual users that did not take proper security measures,” Ibotta Vice President of Marketing Richard Donahue assured Coupons in the News.

That rubbed many Ibotta users the wrong way – as though their empty accounts were their own fault – even though it was kind of true. As Ibotta tried to explain, and security experts concurred, Ibotta itself was not hacked. Instead, wrongdoers likely either randomly tried obvious passwords (like “123456” or “password”) to gain access to users’ accounts, or obtained password information associated with email addresses from other online accounts, and took a good guess that the user with that email address may also have used the same password for Ibotta.


And it worked enough times – several hundred times, Ibotta estimated – to make it worth the bad guys’ while. “Using the same login information across multiple websites can weaken your security,” Ibotta warns its users.

The circumstances were decidedly different, but when hackers accessed eBay users’ login and password information last year, eBay prompted all of its users to come up with new passwords. Jane Beauchamp, president of coupon fraud prevention and risk mitigation company Brand Technologies, suggested that Ibotta ought to do the same. “I went and signed up for their app and found their password option rather limited,” she told Coupons in the News. “I suggest they take a leadership role on the task of safeguarding their users’ assets, by requiring all their users to reset their password. It’s imperative that they do more than say it’s their users’ faults that they picked poor passwords.”

Instead, after the new security upgrade, any bad guy who figures out your Ibotta password will still be able to access your account – they just won’t be able to get your cash once they get in.

“We made the device verification change to ensure that regardless of our users’ password security practices we’d have additional safeguards in place,” Donahue told Coupons in the News. “This will help us to ensure that their cash earnings will be secure. To date, we are the only cash back/rebate app in the market that has implemented this security precaution.”

Call it the cost of convenience. Ibotta allows you to cash out directly to a PayPal account, or by purchasing e-gift cards – forms of payment that are not easily traceable if someone else gets a hold of your account balance. Other rebate apps, such as Checkout 51 and Snap by Groupon, send your earnings the old-fashioned way – by mailing you a check. It may seem somewhat archaic, but few thieves are going to provide their own home address – or go through the trouble of setting up a dummy address – when stealing rebate app balances.

Even well-meaning upgrades don’t always go flawlessly, though. On Ibotta’s Facebook page, comments from people concerned about their account security, were soon replaced by comments from people who said their app stopped working as soon as they downloaded the updated version. Donahue says a new update that’s now available should resolve any issues that users were having.

But look on the bright side – thieves can’t steal your cash, if they can’t even open your app. Not exactly the security upgrade you may have had in mind, but at least your account balance stayed safe, if inaccessible. In the end, it’s certainly better than the alternative.



  1. Ibotta is the WORST waste of time ever. Their new security measures delete your account if someone else hacks into it. They say your account was accessed on too many unique devices. That’s ridiculous but try and find one Ibotta user who has cashed out more than once and not run into this problem.

  2. That’s what I always cash out immediately. It’s not a savings account.

Leave a Reply

Your email address will not be published. Required fields are marked *


Privacy Policy
Disclosure Policy